Three Pre-Incident Actions That Make Data Breaches Less Disastrous

Cyberthreats are a growing problem—and they aren’t going away.   Instead, things will get much worse before they get better. Glenn Gerstel, General Counsel for the NSA, shared a grim outlook in a recent NY Times article. “We must prepare for a world of incessant, relentless and omnipresent cyberconflict—in not only our national security and […]

cyber security words with broken glass

Cyberthreats are a growing problem—and they aren’t going away.

 

Instead, things will get much worse before they get better. Glenn Gerstel, General Counsel for the NSA, shared a grim outlook in a recent NY Times article. “We must prepare for a world of incessant, relentless and omnipresent cyberconflict—in not only our national security and defense systems (where we are already used to that conflict) but also, more significantly, every aspect of our daily and commercial lives.” Financial institutions continue to be prime targets for this disruption.

Gerstel noted that things probably won’t get better because we create more effective deterrents, but because we develop greater resilience. Resilience requires thorough planning and swift response to prepare for when breaches inevitably occur. Here are three critical areas where what your teams does pre-incident will determine the speed and effectiveness of your breach response.

Expand and Accelerate Communication

Data breach response is an activity that involves multiple business siloes. IT may be at the center, but Legal, Compliance, Communications, the C-Suite, and other stakeholders all need to regularly communicate and work together throughout the planning process to ensure smooth deployment in the event of a breach. 

  1. Legal and Compliance: Too often, IT works solo on the data breach response plan and brings in Legal on an “as needed” basis later on. That means when counsel finally joins the conversation, it may take more time to get up to speed and identify areas of risk. Ideally, Legal and Compliance teams should be involved from the start in crafting cybersecurity policies and response protocols. 
  2. Communications: What an organization says in a crisis is almost as important as what it does. Communications teams need to be ready to release public statements and notifications on cue. Statement templates for various scenarios should be crafted in advance (to the extent possible) to improve timeliness of distribution and to reduce the risk of saying the wrong thing—an easy mistake to make in a crisis.
  3. C-Suite: Until recently, the C-suite saw little reason to get deeply involved in data breach planning and response. Now, the cost and frequency of data breaches is too high to ignore. In the future, executives might even be at risk for jail time if they fail to disclose a data breach as required by law. It’s no surprise that there’s more interest from the highest levels to make sure things are handled right. While executives don’t have time to dig into every detail of data breach response planning, they do need to understand the risks to the organization and be involved in setting expectations for policy and governance. The team must also create an escalation plan to communicate with the C-suite about threats or incidents that meet or exceed a certain threshold.

Share Knowledge

  1. What is an incident? An event? A breach? How do you make that call? Each of these terms has different technical implications and legal ramifications. You can’t afford to call a situation a breach when it’s not that serious or categorize something as an incident when it should be escalated much higher. When Legal and IT share knowledge effectively, it’s easier to put systems and plans in place that ensure an appropriate response depending on well-defined categories. 
  2. Everyone on the team can help keep an eye on the cyberthreat landscape based on their own areas of expertise. There should be a common platform for knowledge sharing so that ideas can be cross-pollinated and patterns become more apparent. Eventually, this sharing could happen across multiple institutions in near-real time through use of aggregate, anonymized data to help teams identify threat patterns and red flags even earlier based on similar incidents for other organizations.
  3. Knowledge sharing should also occur between organizations and the third-party vendors who have access to sensitive data. These vendors should be proactively reaching out when things change in their own cybersecurity protocols or threat landscape—and vice versa. Providing a central communications hub where this can happen makes it easier to ensure nothing is slipping through the cracks.

Conduct Response Testing

According to the 2019 Cost of a Data Breach Report from Ponemon and IBM, “Extensive testing of an IR plan reduces the total cost of a data breach by an average of $320,000 from the mean cost of $3.92 million.” Testing doesn’t merely highlight areas of improvement. When it includes drilling responses, it turns crisis response into an activity that is driven by muscle memory. 

According to BreachRX CEO, Andy Lunsford, “If you practice drill for things that are going to happen in crisis, you know exactly what to do and you don’t hesitate.” This doesn’t mean everything can be anticipated down to the last detail. Situations may still change from moment to moment. But when teams practice doing the right thing for typical scenarios, they have more brain power left to think on the fly for those aspects of the incident that don’t go as predicted. 

How frequently should response testing be done? “It’s subjective, but in my view the minimum is quarterly. The likelihood of a breach is significant enough that this seems like a reasonable starting point.” As breaches become more commonplace, response drills must become a part of the routine as well.

How Can Automation Help?

As Lunsford pointed out: “The 2019 Ponemon report also showed that the average total cost of data breach was 95% greater in organizations without security automation deployed. IBM’s definition includes incident response orchestration, which is exactly what BreachRX helps provide.” 

Automation through the right platform can help improve communication and knowledge sharing by creating a single space to discuss, develop, plan, and deploy data breach responses. It also provides the launching pad for test drills and real live breaches. Even better, it provides a place to document lessons learned to boost response speed, accuracy, effectiveness, and compliance. With cyberthreats evolving at a rapid pace, operationalizing response plans is the most resilient path forward.

Recent Posts

Categories