It seems as if hardly a day passes without a high profile data breach report in the press. Organisational defences are being breached and confidential data is being stolen. There is a ready market for Personally Identifiable Information (PII) such as credit card numbers, email addresses, and bank account details. For many organisations, it is less a matter of whether they will suffer a high profile breach, but when. A recent survey found that most security pros are unsure if they could properly handle a breach, and would need to fudge a report to their CEO.
This is a threat to all sectors such as financial, health care, retail, academic, gaming, government, telecom, and tech companies. This year, it is expected that the retail sector in particular, will come under threat following high profile breaches at Target and Neiman Marcus. The Target breach was carried out by key logging on point of sale devices and exposed up to 70 million names, email address and phone numbers.
Organisations are stewards of their customer’s data. They need to show due care and follow best practices in the security of sensitive data. The organisation’s Cyber Incident Response Plan (CIRP) must detail the process to follow in the event of a data breach, and include the following elements:
– Make a senior executive in charge of incident response
– Develop a response routine
Analyse the extent of the breach (determine the type and quantity of data stolen)
Containment to limit the damage
Restore the system to good state, bolstering defences
Implement system strengthening mechanisms
Implement a remediation programme to restore confidence
– Make the required notifications – depending upon location and industry, the organisation may be required to notify authorities, the press and customers affected
– Ensure all key personnel understand their roles
– Plan for the involvement of key functions such as corporate communications, compliance bodies, legal, law enforcement, customer support, and business operations
– Conduct regular reviews of the CIRP to ensure planned responses are up-to-date
– Practice the response in a simulation which should evaluate capabilities and timing of responses
– Analyse each incident and ensure that lessons are learned
A swift response in remediation limits the damage, reduces the recovery time and costs, and resumes confidence. Remediation can make a big difference to customer confidence, and the reaction of the press and authorities, if it involves a free offer to customers. It is important that correspondence to customers detailing the remediation does not look like a phishing scam.
Generally, the first threat to customers who have had data stolen, is from phishing attacks. Criminals use the stolen data to conduct a phishing attack and harvest more data from the same customers. Remediation offers should therefore include a strong anti-phishing solution. Generally our company provide a sensitive data monitoring service, together with an anti-phishing solution on PC and mobile, as remediation after a data breach. This helps the organisation who has suffered the data breach to re-build customer confidence, and puts them in better light with authorities and the press.