Insights

Responding to a Security Breach

26 Mar 2019, MOQdigital Marketing

Cisco

Cisco Campaign (6)Experiencing a security breach is not a matter of ‘if’, but rather of ‘when’. How a company prepares for a breach, and how they enact their response, is critical to their recovery and the prevention of significant losses. There are a multitude of ways a business can be affected by a data breach, including malware, bots, viruses, Trojans, and more. Employees may even unintentionally cause a breach by connecting an unknowingly infected device to a corporate network, and users with malicious intent may try to hack company systems to steal information or apply ransomware. Intrusion prevention systems, antivirus, firewalls, and employee education all help reduce the chance of facing a data breach – but it is impossible to detect threats 100% of the time. There are simply too many risk factors to consider, and companies need to be prepared to identify, react, and contain any threat that may get through their security systems.

Response Process

Security Responses can be broken down into five steps, all of which should be conducted quickly to be effective. Speed is the key to responding to security breaches. Cisco reports that slower responses equal higher risks, with 66% of reaches taking months or years to discover, and only 33% of organisations discover breaches through their own monitoring. Fortunately, incident response services allow companies to increase their visibility and deal with breaches when and where they occur. By responding quickly to a breach, a company can take the appropriate steps required for recovery.

  1. Preparation: The first step is to summarise all activities before facing an incident. This includes constructing an incident response plan as part of the company’s ongoing security strategy.
  2. Detection: Step two involves the detection and analysis of a threat. These functions serve to help companies understand the when, where, and how of a threat, as well as the scope of an incident. This involves the use of a Security Operations Centre, as well as Incident Response Teams, who can work with IT to determine and undertake a plan for containment and resolution.
  3. Containment: Step three is central to the success of a company’s recovery. If containment is not done correctly, a company is at risk of reinfection via the same vulnerabilities that led to the initial incident. Containment involves cutting off a threat from the enterprise and its network and minimising its impact on the business. This also means that companies should have backups and router configurations prepared to ensure operations can continue, or are not crippled, during a threat containment period.
  4. Resolution: Step four involves resolution via the removal of a threat from corporate systems. This step aims to eradicate the infection from the company entirely and examine the damage sustained by the breach.
  5. Recovery: A company can only consider themselves ‘recovered’ from a data breach when they have returned to a fully operational state. This includes resuming normal operations, as well as ensuring that the threat has been understood, lost data recovered or otherwise reported, and compliance measures undertaken. Recovery should also include steps toward further securing corporate networks against similar attacks, and evolving existing security strategies to allow for better management and recovery from future events.

Compliance

A security strategy should also consider compliance regulations relating to a business and their users. Most Australian companies must now comply to Notifiable Data Breach (NDB) regulations that came into effect in February 2018, and many fall under new General Data Protection Regulations (GDPR) legislation that affects businesses dealing with data relating to citizens of the European Union. Failure to comply with these legislations could cost companies millions of dollars in fines – on top of damages associated with a data breach.

Your Security Strategy

Security strategies will vary from company to company. While businesses face similar threats in a modern market, they each have separate goals and needs that require tailored security solutions to reduce their risk and remain operational in the event of a threat. To discover how to prepare your company for a security breach, get in touch with MOQdigital today. We utilise Cisco Security Solutions to ensure that your business is prepared to pursue secure success in a digital environment.

Not quite sure where to start on your security journey? MOQdigital can help with a free Umbrella Proof of Value.

Find out more