Does Your Breach Incident Response Plan Have Holes? - InformationWeek
8/16/2017
07:00 AM
Xuyen Bowles, Sentek Cyber

Does Your Breach Incident Response Plan Have Holes?

The likelihood of a company suffering a breach is higher than most believe. Here's a checklist for building out a plan to deal with a breach.

In 2016, the number of data breaches in the US reached a record high of 1,093, according to a study by the Identity Theft Resource Center and CyberScout. That was a 40% increase over 2015.

These statistics may seem frightening, but the reality is likely much worse. According to the researchers, the untold numbers of breaches that go undetected and unreported keep us from seeing the full scope of the problem.

These attacks take a toll on businesses. A recent study by IBM/Ponemon placed the average cost of a data breach for a U.S. company at about $4 million. The most important thing an organization can do to avoid such losses is to have a breach response plan in place, and a team trained to implement it.

If your company doesn’t have an incident response plan, there’s never been a better time to establish one. We’ll examine some best practices for creating a breach incident response plan.

Create a Strong Response Team

No plan can be effective without vigilant employees tasked with specific responsibilities. A CIO should be closely involved in forming a team whose members each know their role in responding to a breach.

Such a team should include:

  • Incident Response Officer (IRO). The IRO should serve as the liaison to external partners involved in combating a breach.
  • IT Personnel. IT personnel should assess and contain the damage, perform forensics, recover data, and mitigate the effects of the breach to the company and end users.
  • Legal Counsel. An attorney’s responsibility is to determine if specific evidence can be used if the company decides to take legal action. The attorney will also advise on any legal issues that may arise if a data breach impacts customers, shareholders, or vendors, who could pursue legal action.
  • Public Relations. The public relations team will assume crisis management duties in the public eye.
  • Outside Partners. Forensic and cybersecurity companies can help restore systems and remove threats. These partners, including exactly what they do and the point of contact, should be documented in the response plan.

Establish a Reporting Structure

Employees across departments must know whom to contact if they notice suspicious activity. To do that, CIOs must ensure that staffers are educated on what constitutes suspicious activity they may come across.

Document the Breach

Documenting the breach is essential to address the attack and respond to fallout. It should also help the company learn where to improve security in the future.

Documentation should include:

  • The system affected
  • The origin of the breach
  • Any malware used
  • The location of remote servers where data may have been sent
  • Which users were logged on
  • A list of running processes
  • A list of open ports and connected applications
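
The volatile items in this list (logged-on users, running processes, open ports) disappear when a system is powered off or reimaged, so they are worth capturing in one pass with a hash manifest. The shell script below is an added example, not part of the original article; the function names `collect_triage` and `verify_triage` and the output file names are assumptions, and it assumes a Linux host with `sha256sum`.

```shell
#!/bin/sh
# Added example: snapshot the volatile items from the documentation list.
# File names and layout are assumptions of this example, not a standard.

# capture FILE CMD [ARGS...]: save a command's output, or record that the
# tool is missing or failed, so a gap in the evidence is itself documented.
capture() {
    out=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$out" 2>&1 || echo "[$1 exited non-zero]" >>"$out"
    else
        echo "[$1 not available on this host]" >"$out"
    fi
}

# collect_triage DIR: write the snapshot plus a SHA-256 manifest into DIR.
# Point DIR at removable or remote storage, not the suspect system's disk.
collect_triage() {
    dir=$1
    mkdir -p "$dir" || return 1
    {
        echo "collected_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "host=$(uname -n)"
        echo "kernel=$(uname -sr)"
        echo "collector=$(id -un 2>/dev/null || echo unknown)"
    } >"$dir/system.txt"                                   # the system affected
    capture "$dir/users.txt" who -a                        # users logged on
    capture "$dir/processes.txt" ps -eo pid,ppid,user,lstart,args
    if command -v ss >/dev/null 2>&1; then                 # open ports and owners
        capture "$dir/ports.txt" ss -tunap
    else
        capture "$dir/ports.txt" netstat -tunap
    fi
    # The manifest lets a later reviewer show the files were not altered.
    ( cd "$dir" && sha256sum system.txt users.txt processes.txt ports.txt \
        >MANIFEST.sha256 )
}

# verify_triage DIR: succeed only if every file still matches the manifest.
verify_triage() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 )
}

# Stand-alone use: sh triage.sh /mnt/evidence/case-dir
if [ -n "${1:-}" ]; then collect_triage "$1"; fi
```

Run it with enough privilege to see process owners for every socket; without root, `ss -p` lists only the collector's own processes.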

Communicate Effectively

Once a data breach has been confirmed, the IRO should inform management of the steps being taken to repair the damage. Once the breach has been contained, communications should be sent to staff outlining an explanation of the event, steps being taken to fix the situation, and resulting policy changes.

Establish a Remediation Process

Written policies should be in place to inform IT actions in response to a breach, including:

  • Monitoring suspicious activities
  • Disconnecting/blocking services
  • Confiscating affected workstations and devices
  • Contacting external cybersecurity resources
  • Contacting the Internet service provider

Test Your Response Plan

The best way to test the effectiveness of the response plan is by conducting a breach simulation exercise that replicates an attack. This drill will allow your team to see how a breach unfolds in real time, and it will uncover any problems that need to be tackled.

Establishing a plan is great, but it’s only a first step. Once a plan is established, it should be examined and tested periodically, and revised if necessary. More than a third of companies that have a plan have never done this, according to a study by Experian. Don’t learn this lesson the hard way.

Xuyen Bowles, Sentek Cyber

With 20 years of experience in the enterprise space, Xuyen Bowles now oversees one of the most successful cyber security firms in San Diego. Sentek Cyber (a division of Sentek Global) offers a wide array of cyber security protection, from penetration testing, consultancy, and training to advanced threat detection.

NachoV
User Rank: Apprentice
8/23/2017 | 5:28:47 AM
router login
Thanks! It's a really detailed and informative post. The author did make big work!