Data Breach | Resilience

Once companies began taking active measures for their cyber defence, they realized that whatever actions they took, a security breach would happen sooner or later. The question changed from if to when. At that point companies started to work on their cyber resilience: developing incident response techniques and protocols to minimize the impact, shorten their recovery time and be able to audit the data breach, both to comply with the country's legislation and to minimize the impact on their customers.

 


A company's response to a data breach, from the moment it discovers the breach until the problem is mitigated, can be summarized as follows:

  • Contain the breach: Once the organization realizes that its security has been breached, it needs to understand, respond to and address the vulnerability. The National Cyber Security Centre (NCSC) recommends following 9 steps to contain a data breach:
  1. Immediately disconnect the infected computers, laptops or tablets from all network connections, including those that are mobile phone based.
  2. Consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
  3. Reset credentials including passwords (especially for administrator and other system accounts) - but verify that you are not locking yourself out of systems that are needed for recovery.
  4. Safely wipe the infected devices and reinstall the OS.
  5. Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you're connecting it to are clean.
  6. Connect devices to a clean network in order to download, install and update the OS and all other software.
  7. Install, update, and run antivirus software.
  8. Reconnect to your network.
  9. Monitor network traffic and run antivirus scans to identify if any infection
  • Assess the risk: Once the threat has been controlled, it is time to assess the damage suffered by the organization. Certain key questions must be answered in order to make a realistic evaluation:
    • Which data was involved?
    • How sensitive is that data?
    • How many people are affected?
    • Who is affected?
    • Does the breached information contain financial information or high-risk data?
    • Is it encrypted?
    • Does the organization have a backup of the data?
  • Notify the data breach: In many cases, depending on the data compromised, organizations have to notify the regulators and the affected individuals that a data breach has occurred. Under the GDPR, companies have 72 hours from the time they become aware of a personal data breach to report it to the supervisory authority. In the UK this authority is the Information Commissioner's Office (ICO). They must also provide details of how it happened, the data affected, how many data subjects are involved and how they responded to the incident. This is where the importance of internal audits becomes apparent. Companies that follow good practices such as internal audits will be able to meet the ICO requirements more easily than those that do not.

    It is also a must to notify the people involved in the data breach that some of their data has been compromised, detailing the type of data as well. It would also be good practice to try to assist the affected individuals by giving them security advice to help them minimize their security risk.

    After the breach is reported, an investigation by the law enforcement organization is likely to happen. It is also likely that they will request changes to the organization's data protection practices to minimize future data breaches. The organization has to implement the requested changes; otherwise it will face penalties of up to £17.5 million or 4% of annual global turnover.
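
Step 5 of the containment list asks for a backup to be verified before it is restored. The following Python example is added here and is not from the original post: it compares a backup tree against a SHA-256 manifest assumed to have been recorded when the backup was made, and against a set of known-bad hashes assumed to come from the incident's indicators, and blocks the restore on any finding. The function names and the manifest format are assumptions; the check complements the antivirus scan in step 7 and does not replace it.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            # Read in 1 MiB chunks so large backup files do not fill memory.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def check_backup(root: Path, manifest: dict, known_bad: set) -> dict:
    """Compare the backup tree with its manifest and a set of bad hashes."""
    actual = hash_tree(root)
    return {
        "known_bad": sorted(f for f, d in actual.items() if d in known_bad),
        "unexpected": sorted(set(actual) - set(manifest)),  # added after backup
        "missing": sorted(set(manifest) - set(actual)),     # removed after backup
        "modified": sorted(f for f in actual
                           if f in manifest and manifest[f] != actual[f]),
    }


def safe_to_restore(findings: dict) -> bool:
    """Allow the restore only when every category is empty."""
    return not any(findings.values())


def demo() -> dict:
    """Build a constructed backup tree, alter it, and run the check twice."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("port=8443\n")
        (root / "data.db").write_text("constructed sample data\n")
        manifest = hash_tree(root)  # assumed: recorded when the backup was made
        clean = check_backup(root, manifest, set())
        # Constructed changes after backup time: one edited file, one new file.
        (root / "etc" / "app.conf").write_text("port=9999\n")
        (root / "updater.bin").write_bytes(b"constructed placeholder bytes")
        bad = {hash_tree(root)["updater.bin"]}  # stands in for an incident hash list
        return {"clean": clean, "tampered": check_backup(root, manifest, bad)}
```

Calling `safe_to_restore(check_backup(...))` on the real backup mount gives the go/no-go decision; the manifest itself has to be stored somewhere the compromised systems could not write to.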


