Imagine this: It’s Monday morning. Emails are piling up as usual while the coffee brews. It seems like it’s going to be the typical start of the week. Suddenly, there’s a rather frantic subject line that appears at the top of the pile. It’s from the IT department. There’s been a security breach six months ago, and they just found it.
For the last 197 days, customer data and a whole trove of sensitive company information have been running free in the hands of cybercriminals. It’s unknown exactly how much was stolen, the extent of the damage, or which employee accounts were compromised.
Think that’s a far-fetched scenario? According to a 2018 case study by IBM, it took companies just shy of 200 days on average to identify a successful breach in their own systems. The average length of time it takes to contain the damage? Another three months.
Security breaches are costly and, in many cases, fatal to a company. Here’s a closer look into one of the corporate world’s worst nightmares, why they happen, how to respond, and what can prevent them.
What Do Criminals and Intruders Seek?
In 2018, IBM discovered that the healthcare and financial sectors were the two most commonly targeted industries for hackers. These are data-rich industries containing hoards of sensitive information collected about private individuals. However, the healthcare and financial industries are far from the only targets. Often, hackers also look for easy, non-obvious targets for:
● Consumer information. From credit cards to social security numbers, cybercriminals seek this information to resell to identity thieves.
● Business data. The spate of ransomware attacks in 2019 against the government and public sector has proven costly. These attacks take critical data hostage in exchange for a large sum of money.
● Trade secrets. While IBM noted that industrial espionage isn’t as prevalent as malicious hacking, it does still exist.
● National security intelligence. Governments hack each other regularly, and sometimes governments hack foreign companies which they feel might pose a threat to their security interests.
● Knowledge. The earliest documented hacking attempts were simply people who were curious about how a piece of technology worked.
Security breaches happen for many different reasons. However, they all have the same outcomes for companies: lost business, a damaged reputation, mangled records and, in some cases, fines for compliance violations.
Security Breach Response Best Practices
The moments after discovery of a security breach can make or break a company’s chance at survival. It’s imperative to move quickly but methodically to respond to a breach. Follow these five tips to respond to a breach and get a company back on its feet as quickly as possible.
1. Identify the Breach
Following a data breach, it’s critical to take a thumbprint of the attack. Identify how the breach occurred, documenting the type of attack, what was stolen, what devices were affected, and – if possible – what network traffic appeared during the moment of the breach. Such information will inform the containment strategy to mitigate further damage.
2. Assemble an Incident Response Team
Create a dedicated taskforce of specific individuals with defined roles and responsibilities. Ideally, these roles should be defined in a disaster recovery plan so that the incident response team can simply turn to these procedures. At this point, it might be wise to consider bringing on board a third-party specialist who can help guide the response team.
3. Quarantine and Secure Systems
Since data breaches expose vulnerabilities in network security, move to quarantine exposed systems and protect those which haven’t been affected. This might include taking computers offline or shutting down a part of the network.
4. Follow Notification Requirements
Many data laws, such as HIPAA and the GDPR, require businesses to notify affected parties following a breach. While it might be embarrassing to reveal a successful attack, the consequences of not doing so are much worse.
5. Learn from the Event
Assess the causes, extent, and aftermath of a breach to understand how to prevent it in the future. A managed IT services provider can prove particularly valuable in this instance as they can provide a security assessment that reveals further opportunities to harden a company’s security.
Preventing the Next Attack: DSI Can Help
A security breach is a terrifying ordeal for any company, and it can have serious monetary and reputational consequences. However, as cybercrime only grows in prevalence, companies are scrambling to stay a step ahead of criminals after their most sensitive information. That’s why many companies are turning towards managed service providers, the inveterate specialists who can assist with responding to and preventing an attack.
DSI delivers best-in-class digital security services to companies in many industries, including healthcare and the financial sector. Contact us to start a conversation about your company’s security needs today.