How Can Organisations Deal Intelligently with Information Security Breaches?

Steve Durbin, Managing Director, Information Security Forum

Data breaches are happening more frequently, compromising larger volumes of data than ever before. We seem to hear about new data breaches every day. The number of compromised records grows, while organisations are subjected to larger financial penalties, stronger legislative and regulatory scrutiny, and tangible reputational damage. For organisations that suffer a breach, responding in an intelligent and confident manner is critical.

Given today’s connected landscape, how can organisations protect themselves and their customers, while safeguarding or even increasing business value? Moreover, what are some of the obstacles they must overcome around data breach prevention and response?

Preventing the Next Data Breach

Data breach prevention is based on the premise that it is possible for an organisation to increase an adversary’s ‘work factor’ to such a degree that malicious activity becomes unprofitable and attackers move on to easier targets. Basic technical preventative measures are popular because they scale easily and are more reliable than employing a person for the same task.   

There is a wide range of motivations for malicious actors, and without investment in measures such as threat intelligence, an organisation could easily spend too much or too little time and money on prevention. Some organised criminal groups have capabilities equal to those of nation-state intelligence agencies and will be capable of overcoming nearly any private sector attempt at information security. Their ability to operate globally, and to reach an ever-increasing range of targets, also continues to improve.

Supply chain security always rises towards the top of the discussions I have, and it is clear that weaknesses here are prevalent and persistent. Oversights in managing third parties, and the complexity associated with managing what can be many thousands of suppliers, are often beyond the ability of any individual or department to fully handle.

The Information Security Forum (ISF) has looked at supply chain security and offered guidance such as the Supply Chain Assurance Framework (SCAF) to assist our members in the procurement phase of a supplier relationship. These basic measures address the initial element of complexity, but not all procurement will be done with such rigour, and poor supplier security will continue to result in regular data breaches.

Responding to a Data Breach

Many organisations realise that incidents will occur regardless of the precautions they’ve taken, and so seek to respond to breaches in a resilient and professional manner. But these capabilities are often lacking, and the resulting disorganisation damages customer trust, brand value and, ultimately, reputation.

Responding well is more difficult than prevention and detection because it forces interaction between a wider range of internal and external stakeholders such as shareholders, customers, vendors and regulators. This can create significant coordination and communication problems, and these interactions take place in a high-pressured and time-poor environment where the commercial and professional stakes are high, but tolerance for error is low.

So how can information security demonstrate business value when responding to a data breach, and what are the key organisational capabilities to have in place – technical, procedural, people and political? Follow these three simple steps:

• Develop a Plan
• Practice the Plan
• Respond Decisively

Managing Your Message

Due to today’s 24/7 news cycle, it is nearly impossible for organisations to control the public narrative of an incident. Responding to unwelcome information released on someone else’s terms is a poor strategy, and a defensive posture plays poorly with customers whose personal details have just been compromised.

Preparation is essential. For example, this can be done through inter-departmental scenario planning that tests the organisation’s media and customer response strategy. Creating and testing response plans may also attract interest from senior management, particularly if their organisation, or a competitor, has been through an incident that caused reputational damage. This is an opportune moment to demonstrate the business benefits of a coherent response plan.

Messaging should be about creating transparency, within the organisation and with the public. The organisation should be seen communicating in an ethical and trustworthy manner. This is not a time for using communication as a PR opportunity or attempting to pull the wool over people’s eyes. Nor is it time to pull down a veil of silence. Communicate effectively throughout the incident (and afterwards) in an honest and transparent manner about the breach, its impact, and what you are doing to address the impact on those affected.

Next Steps…

Data breaches have become a regular feature of modern life, and one that will have affected most of us by now. This will continue as long as efficiency and ease of data access trump security, a state of affairs which makes economic sense for many organisations, at least until they suffer their own data breach. Once a breach happens, the value of security as a business enabler becomes clearer.

The real difficulty lies in acknowledging that breaches are inevitable, and that resources invested in advance can pay dividends when a crisis occurs. It takes maturity for an organisation to recognise it cannot control the narrative after a breach becomes public, and that leadership involves being honest and transparent with customers to maintain credibility in difficult circumstances.

A robust data breach response includes developing a plan, regular scenario planning, taking decisive action and managing the message. These actions will involve a wide range of internal stakeholders, and may involve the services of external crisis management and media experts. Once a breach happens, swift decision-making requires accurate data. Organisations need to take stock now in order to ensure that they are fully prepared and engaged to deal with these ever-emerging security challenges, before it’s too late.


About the Author
Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cybersecurity, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was senior vice president at Gartner.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
