twixx - Fotolia
With the frequency of mega breaches continuing to rise, several security experts believe the best approach is accepting the fact that companies are likely to get breached at some point.
Embracing this mindset will allow companies to focus on what their breach response is going to be like, said Jon Siegler, co-founder and chief product officer at Chicago-based SaaS startup LogicGate.
"The market is really going to judge you on how you respond," Siegler said during an IT GRC Forum webinar titled "Critical actions to survive a data breach in 2019 and beyond." "How do you respond to that incident and being prepared and having that [breach response] plan in place is really going to help."
In the event of a breach, the key is speed and as much transparency in the disclosure process when communicating with customers. That's according to Stephen Boyer, co-founder and CTO at Boston-based security ratings vendor BitSight. This is where having a breach response plan comes in handy, he said.
"Companies really need to be much more efficient in [communicating a data breach] because otherwise it becomes overwhelming for those who have had the issue but also for those with whom that organization is engaging, so they can answer those questions and then take the business mitigation actions that they're going to need to do," Boyer said. "Without communication, worry and doubt fill the void."
The way that an organization is breached is oftentimes based on something very fundamental that they overlooked, a detail that someone did not follow up on, or a human error, Boyer explained.
Justin Fier, director of cyber intelligence and analytics at Cambridge, U.K.-based cybersecurity startup Darktrace, said companies should deploy tools that give them better visibility and ability to detect and take action quicker than they have in the past, but shy away from overinvesting in "shiny-blinky things for one-off problems."
Justin Fierdirector of cyber intelligence and analytics, Darktrace
"Probably the biggest frustration is collecting too many tools and then only having one or two people on the team know how to use each one of those tools," Fier said. "There's really no good spread of knowledge transfer across the entire stack, which leaves a major vulnerability when doing incident response."
Fier advised companies to move away from legacy approaches to security.
"What worked just three or four years ago does not work today, and unfortunately I just don't see a lot of companies adapting to the new cyber world that we live in," Fier said. "Machines are getting faster, we're consuming more and more data, IoT has exploded, yet we're still using the same [security] practices that we used three years ago."
Developing an effective breach response plan
A breach response plan provides a guideline for companies to follow each time a data breach is discovered, LogicGate's Siegler said during the webinar.
But a C-level executive sponsorship is imperative for a breach response plan to be taken seriously. Having that formal process in place and making sure everybody is on the same page is critically important, he added.
A breach response also has to be led from a business perspective because data breaches impact the business and not just IT, he said.
Assembling a team to devise a breach response plan is a cross-functional exercise, Siegler stressed. Too many breach responses fail when led solely by their IT department, he said.
"You want somebody to be that response manager, somebody with product management skills who can wrangle different people across the organization, who's able to communicate those plans, address any remediation that need to occur immediately and then communicate out to regulatory agencies or to your customers," Siegler said.
When crafting a breach response plan, companies often involve information security or privacy functions, Siegler said. The general counsel needs to be involved from early on, he added. Companies working on creating software or technology would want to include infrastructure and DevOps teams to help understand and mitigate any issues, include marketing or public relations for communications, and customer service to be able to directly communicate with the customers.
It is equally important for companies to test their breach response plan, just like they would test their business continuity and disaster recovery plans, and run through it like going through a real breach, he added.