Computer Security: Prepare Your Company Before It’s Too Late
This blog was originally published in January but the RSA® Conference 2015 and the House of Representatives’ recent passage of the Protecting Cyber Networks Act made it worthy of republishing with new info.
Technology is rapidly evolving, and new innovations that make life more convenient appear each day. Unfortunately, one of the downsides of living in a connected world (other than slow Wi-Fi) is the lack of security. A global survey by ISACA and RSA Conference in April 2015 that included 649 cybersecurity and IT managers and practitioners showed that 77 percent experienced an increase in attacks in 2014 and 82 percent view it as likely or very likely that their company will be attacked this year.
CNET dubbed 2014 “The Year of the Hack,” and rightfully so: high-profile data breaches hit Target and JP Morgan, and the Sony breach resulted in the feature film “The Interview,” with Seth Rogen and James Franco, being pulled from theaters.
Each of these incidents occurred due to external forces, but 2015 kicked off with a reminder that internal cybersecurity threats also exist. Financial services giant Morgan Stanley terminated an employee for stealing account information from 350,000 of its wealth management clients and posting some of it for sale on an open file-sharing website called Pastebin. More recently, the U.S. Central Command Twitter and YouTube accounts were hacked by CyberCaliphate, alleged Islamic State supporters, during a speech President Obama made announcing proposals focusing on electronic privacy and cybersecurity. Wired reported that the House of Representatives passed the Protecting Cyber Networks Act in an effort to protect the government and private sector from computer security breaches.
So what should you do if a breach occurs within your company? In the event of a cybersecurity incident, there are immediate actions that need to be taken in order to limit the damage and begin the remediation process. Data breaches can damage consumer trust, negatively affect search ability on Google and potentially ruin your business. This post will outline a few best practices to navigate your way through the process and better protect your company against future vulnerabilities.
Step 1: Identify the problem and form a task force
Knowing there is a problem is the first step toward solving it and timing is critical. Once the issue is brought to your attention you must quickly gather the crisis communications team and begin answering questions that will provide insight into the scope of the attack. The task force makeup varies but it should consist of senior executives, public relations professionals and legal counsel. A representative with an IT background will be helpful for this process as well.
Several common questions include:
- When was the breach noticed?
- Which services, systems, etc. have been affected?
- What type of attack is it?
- Who committed the attack and do they have an agenda? (external or internal?)
- Who or what is the target of the attack?
Step 2: Isolate the damage
Data breaches should be approached in the same way firefighters handle a fire. The affected areas need to be isolated to prevent spreading and to protect against additional vulnerabilities. Quarantine the corrupted servers, devices and systems so they can be examined and made functional again.
Step 3: Begin the remediation process
Now that the firefighters have put out the fire, it is time for the remediation professionals to assess the damage and begin cleaning. Work with the crisis communications team and IT representatives to evaluate the extent of the damage and keep a record of the findings. This will provide a baseline from which to measure the effectiveness of the remediation efforts once they have been completed. Next, the teams will need to establish a hierarchy of need, focusing on the more critical areas first and then moving on to less essential areas until the process is complete.
Step 4: Develop a communication strategy
The crisis communications team must identify each of the audiences that need to receive information about the data breach. Typically, audiences are separated into internal and external groups. The internal group generally consists of employees, business partners and stakeholders while the external group can include clients and the general public. Decisions about the manner in which the messages are delivered and the timing for each also need to be made.
Messaging should be tailored to each audience and there needs to be a balance between transparency and over-sharing. Not everyone should be privy to the intimate details of the situation but they all deserve to know there was an issue and the company is on the case. Additionally, communications should include the steps taken to repair the breach and the new policies created to protect against repeat occurrences.
How should the information be disseminated? It all depends on the existing communication methods and whether the situation calls for a completely new approach. Gone are the days when a simple press release would suffice. Public relations and legal counsel will earn their stripes in this stage.
Much like the remediation process, the messaging should start internally and then move externally. This is a great time to establish a chain of communication for the company and it can include electing a spokesperson or spokespeople to field questions and disseminate the information. Businesses should be as transparent as possible (within reason) and provide multiple status updates designed to build and maintain trust. Offering complimentary fraud protection or identity theft protection is a common practice.
The Bottom Line:
The thirst for knowledge and our capacity to push the bounds of technology have a price. Data breaches and identity theft are everyday threats now. Business owners do not need to become “doomsday preppers” but it is important to have a plan. With all of this in mind we have included a “Cybersecurity Protection Checklist” and a few useful resources to assist with protecting against and managing an ongoing cybersecurity breach.
New statistics from polls in the ISACA 2015 State of Cybersecurity:
- 79 percent say their board of directors is concerned with cybersecurity
- Close to a third of report either to the CEO (20 percent) or to the board (11 percent)
- 55 percent employ a chief information security officer (CISO)
- 56 percent will spend more on cybersecurity in 2015 and 63 percent say their executive team provides appropriate funding