Steps not to take after a data breach

The recent Petya and WannaCry ransomware attacks brought further attention to what is a top concern at nearly every organization – cybersecurity. Information Management spoke with John Suit, chief technology officer at Trivalent, about the steps that organizations should not take following a data breach.

Information Management: You talk about things NOT to do after a data breach, which is a very different take than what we are used to seeing. What do you mean by that?

John Suit: High profile data breaches and hacks continue to appear in the news every day, causing organizations of all sizes understandable anxiety around data protection. With over 10M records exposed so far this year, as well as the rise in next generation threats like ransomware and malware, organizations can no longer stick their heads in the sand and pretend it won’t happen to them.

By approaching a data breach as a probability, rather than an impossibility, organizations are much better equipped to mitigate damage in the crucial hours following a breach. While many have spoken about the steps that should be taken during these first 24-72 hours, the steps NOT to take often go overlooked. Without this knowledge, company leaders could end up spreading the fire, rather than smothering it.

IM: Is that approach understood by many organizations?

Suit: Many organizations have a plan in place in the event of a breach, but there are also important things for them to remember not to do. While unpreparedness in the face of a data breach can cause irreparable damage to a company, panic and disorganization can also be extremely detrimental. It is, therefore, critical that a breached company not stray from its incident response plan, which should include identifying the suspected cause of the incident as a first step.

Additionally, organizations must not forget to take notes. Creating detailed reports with disk images, as well as details on who, what, where and when the incident occurred, will help organizations implement any new or missing risk mitigation or data protection measures.

Organizations should also not be afraid to ask for help. If company leaders determine that a breach has indeed occurred following internal investigation, they should bring in third-party expertise to help handle and mitigate the fallout. This includes legal counsel, outside investigators who can conduct a thorough forensic investigation, and public relations and communication experts who can create strategy and communicate to the media on the organization’s behalf.

IM: What is your sense on the level of preparedness that most organizations have regarding data security?

Suit: As a general rule, most organizations have some sort of data protection in place. The problem here is that many still rely on traditional encryption to protect their data, which has proven time and time again that, regardless of how well implemented, it is not equipped to protect data against next generation threats like ransomware and malware. Without file-level data protection that travels with every piece of data to protect it in the event of a breach, organizations will continue to be at risk.

IM: What are organizations generally doing right, and generally doing wrong, in their efforts around cyber security?

Suit: Data protection is often thought of as something an organization checks off its checklist and then doesn’t think about until an issue arises. It’s great that organizations have data protection, employee training and response plans in place—but these are only the first steps.

As mentioned, many organizations do have some type of incident response plan to follow in the event of an attack. These plans are only effective if they are fluid and constantly updating as organizational practices and staff change. Additionally, organizations should charge their security teams to be up-to-date on data protection technology and next level threats, and empower them with the tools and resources to ensure the organization is doing everything possible to protect its information.

If company leaders make data protection a constant priority, that vigilant approach to information security will flow down through the rest of the organization. If data security is something that is on the mind of everyone within an organization, companies are much better prepared to keep their data safe and act swiftly in the event of a breach.

IM: When we have well-publicized cyber incidents like the recent Petya ransomware attacks or the recent WannaCry attacks, does that have long-term impact on encouraging organizations to improve their security efforts?

Suit: Absolutely. These high profile breaches are unfortunate, but the positive is that they are shedding light on the fact that data security has fallen behind next generation hackers.

No organization wants to be breached. Putting employee, client and customer data at risk poses a huge risk to their safety, and also tarnishes an organization’s reputation and can cost a tremendous amount. These breaches are forcing organizations across all industries to take a hard look at their data protection strategy and increase budgeting around information security.

IM: How might a cyber security program differ at an organization that assumes an incident is a probability (or even certainty) versus an organization that assumes an incident is a possibility?

Suit: Gaps in security strategies are exploited every day, so it is important for company leaders to acknowledge their organization may have a similar gap. As businesses learn how to protect their data from new threats, hackers quickly adapt in order to infiltrate each new shield put in front of them. By recognizing a data breach has the potential to occur, and adopting strategies and technology that ensure data stays protected even in the event of a breach, organizations can remain one step ahead of hackers.

IM: What advice would you offer an organization regarding data security measures they probably haven’t heard elsewhere or considered?

Suit: After a data breach is resolved and regular business operations resume, do not assume the same technology and plans you had in place pre-breach will be sufficient. There are gaps in your security strategy that were exploited and, even after these gaps are addressed, it doesn’t mean there won’t be more in the future.

In order to take a more proactive approach to data protection moving forward, treat your data breach response plan as a living document. As individuals change roles and the organization evolves via mergers, acquisitions, etc., the plan needs to change as well.

Additionally, work with your security and/or IT team to discuss investing in next generation data protection solutions, which go beyond traditional encryption to protect data at the file level. This will keep your company information safe across all workplace computing devices in both connected and disconnected modes, ensuring company data remains safe from unauthorized users—even in the event of another breach or next generation attack like malware or ransomware.

This story originally appeared in Information Management.