infoTECH Feature

April 24, 2017

What's the Appropriate Response After a Security Breach?

A security breach can be a nightmare for businesses of all sizes. And while there’s a lot of information on how to avoid a breach in the first place, there isn’t always clear advice on what to do after one has already happened. From an IT perspective, a swift and calculated response will play a key role in defusing the problem and rebuilding trust.

Prevention is the Best Method

Most businesses aren’t fully aware of the consequences of a cyber attack or security breach. They know it isn’t good but don’t quite understand the full impact. Just consider the following direct and indirect consequences:

  • Direct financial cost. According to the Ponemon Institute’s 2014 Cost of Data Breach Study, the average data breach costs U.S. companies $195 per record lost. That adds up to an average total cost of $5.85 million per breach. And that’s just the price of the data.
  • Increased cost of debt. A Deloitte study recently compared companies that had, and had not, been involved in cyber breaches. The study found that the interest rate for a 10-year, A-rated U.S. corporate bond averaged right around 3.44 percent, while a BBB-rated bond came in at 4.13 percent. For a business that’s downgraded from A to BBB, the added cost of interest over the lifespan of a $100 million project is roughly $3.6 million.
  • Damaged brand perception. The direct financial hit a company takes after a breach hurts, but it’s the long-term ramifications that usually end up costing the most. Customers don’t forget when a company is involved in a breach, and that can adversely affect spending habits, customer retention and customer acquisition.

This list of consequences could be expanded out to include a dozen more examples, but that’s not what this article is about. The point is that you can’t afford to have a breach in the first place. But if you do, knowing how to respond can make all the difference. 

5 Steps to Take After a Breach Has Occurred

It’s easy to go into panic mode after you discover a breach. But the quicker you get out of panic mode and into action mode, the better off things will be. Here are a few steps you must take:

1. Notify Law Enforcement

Your initial desire may be to keep a lid on the breach until you can figure out a plan of action, but don’t delay the process of reacting. It’ll only compound your problems.

According to this blog post from High Risk Pay, you should “Notify law enforcement authorities of the data breach. Also, consult with state law to determine if you need to follow reporting guidelines. A business needs to follow state laws for a data breach or potentially face fines for failing to report a violation properly.”

Law enforcement is your friend in a situation like this. Sure, contacting law enforcement means you’ll have to fully disclose everything, but don’t be fooled into thinking you’d be able to keep it a secret anyway. It’s virtually impossible to do, and the consequences of not disclosing are profound.

2. Identify the Cause

Really, this is part of step one. You need to identify the cause as soon as possible to make sure you’re secure. It’s like having a leak in a fishing boat. While you need to grab a bucket and start scooping the water out, your efforts are futile if you don’t first find and plug the hole that’s causing the water to gush in.

Start by studying your system. If you can’t find any evidence that the breach was initiated by an external source, consider the fact that it may have come from the inside. “We now know that no matter how strong your IT security is and how many barriers or identification methods you impose on your people, the weakest links in the system will always be your own employees,” security expert Andra Zaharia notes. This doesn’t necessarily mean your employees are bad people, but just that they did something dumb – for example, opening an email attachment they shouldn’t have.

Consider all possible options and don’t stop until you’ve zeroed in on the who, what, and where. It’s sort of like playing the world’s least fun game of Clue: “I think it was a foreign hacker, with access to Larry’s password, in his mother’s basement.” You’re just trying to piece together an initial cause right now, but do your best to get as specific as possible. Data forensics will be called in later to fully assess the problem.

3. Secure Information

Once you have a pretty good idea of the cause, you have to start securing information so that nothing more is compromised. Using the previous example, this would mean changing Larry’s password and temporarily suspending his account. While your attention will naturally be drawn to what was compromised in the breach, your focus really needs to be on minimizing the impact.

4. Notify Customers

Now comes the gut-wrenching part. You have to notify customers of the breach. Failure to do so is a federal crime and can result in fines and imprisonment. While you have to be thorough in order to comply with the law, only share as much information as you have to. The marketplace doesn’t need to know every little thing that’s happening behind closed doors. Not only will this hurt your brand even more, it could inadvertently give other cyber criminals information to leverage in the future.

5. Build a Stronger Security Infrastructure

The final step in your response plan is something that you can’t just check off. It’s something that will last indefinitely. You have to start building a stronger security infrastructure to prevent future incidents.

Be Prepared for Anything and Everything

We’ll say it one last time: Prevention is the best method. But when prevention doesn’t work and you’re staring down the reality of a breach that could cost your organization and brand everything it’s worked so hard to build, knowing how to respond becomes the most important asset you have. 

Edited by Alicia Young
