
Got Breached? The Clock Just Started Ticking

It’s urgent to determine the extent of the intrusion and fix it fast. Here’s one case where time really is money

Getting hit by malicious hackers and suffering a data breach is bad. Reacting so slowly that the fallout increases exponentially is even worse.

At first blush, this might seem to fall under the heading of conventional wisdom. Yet too many organizations still assume they can respond promptly to breaches when, in fact, they are operating with a false sense of security.

In fact, a recent survey of security professionals by the Ponemon Institute found that less than half of the respondents believed their company’s ability to respond to data breaches was either very effective or effective. And nearly two-thirds said their data breach response plans had never been reviewed since first being put in place, or that there was no set amount of time established for reviewing them.

That’s trouble just waiting to happen – especially when the victim organizations aren’t large enough to weather the storm. Some are able to put their breaches in the rearview mirror, but not many smaller companies would be able to recover from a major blow to their finances or reputation – or both – in the aftermath of that kind of attack.

Response Time Critical

So what can you do to find out the extent of a data breach and ameliorate it quickly? Dr. Larry Ponemon, founder of the Ponemon Institute, says it all begins with having the right security tools in place. Without them, he warns, it can take enterprises months or even years before they discover breaches — if they find out about them at all.

“You need cyber intelligence tools that check logs and data and then develop models, preferably using some form of artificial intelligence or machine learning, to automatically detect potential breaches and warn you right away about them,” he says.

Especially important, he says, is that the tools have the ability to prioritize which potential breaches to investigate further, and which don’t need to be studied because they’re likely not problematic.

“You can’t always investigate everything,” he says, “so your system needs to tell you which anomalies really need to be followed up on, and which you can ignore. That way, you can focus right away on the ones which will really have an impact.”

Prioritizing potential threats in this way will ensure that real dangers are handled quickly, rather than being put on the back burner. And he emphasizes that when it comes to responding to breaches, time is of the essence.

“Our research through the years has found that if companies tell the public about a breach within 30 days after it occurs, people will forgive them for it. But once it goes past that 30-day threshold, there’s a serious reputational risk.”


An important part of meeting that deadline, he says, is establishing a multidisciplinary investigatory committee that springs into action whenever a breach is discovered. It should include not just experts in security and IT, but lawyers who can deal with compliance, privacy and reporting issues, public relations and marketing experts who will handle customer trust and reputational issues, and top executives who best understand the breach’s impact on the company as a whole.

It’s important that top company executives get what they want in terms of information so that they can make informed decisions. Because if you don't include that sort of thing in your planning it's going to come back to bite you.

Ponemon adds one final piece of advice: Be prepared.

“I know it sounds corny,” he said, “but you need to have a process in place for dealing with a data breach even before it happens to you.”

His back-of-the-envelope advice includes these pointers:

  • Take a team approach and make sure that you have people ready to roll.
  • If you have a written plan, test it. You can also run a simulation or a desktop exercise of some kind.
  • Make sure that rank-and-file employees, not just computer specialists or security architects, are well-trained in how to respond. They need to know what they should do if they suspect a data breach.

“That way, you have hundreds or thousands of people on the lookout, and you’ll be much more likely to discover a breach and respond to it quickly,” he said.


About the Author

Preston Gralla

Technical Writer

Preston Gralla has written thousands of articles and nearly 50 books about technology. His work has been published in Computerworld, PC World, PC Magazine, USA Today, the Dallas Morning News, the Los Angeles Times and many others.
