Data center managers, administrators and security teams spend an awful lot of time bolstering security at their facilities to prevent a breach. And why wouldn’t they? Security is at the heart of every data center. If you cannot protect the data of your clients and keep their information private, you’ll hemorrhage business.
It makes sense, then, why the primary focus is preventative security measures. Stopping a breach is becoming more important every day. In 2015 alone, there were 267 publicly reported data breaches. Since 2005, the total number of data breaches has been over 5,300, affecting more than 900 million records.
Here’s the skinny: data breaches are practically inevitable, so, along with prevention, you should prepare for one.
While most companies believe they are prepared for such an event, the truth is, they probably aren’t. In 2015, it took an average of 98 days for financial companies to realize a data breach had occurred in their systems. Such ignorance isn’t cheap — the average daily cost of a data breach is more than $21,000. Do the math, and you’re looking at $2 million — at least.
After a breach happens, your focus must shift. It’s no longer about preventative measures but reactive ones. There are crucial questions to consider:
Perhaps the most important step in your cybersecurity plan is detailing what you will do after a breach. Here is a five-step plan for getting you and your business ready and restoring data after an attack has occurred.
Before you do anything, you must figure out what happened. How did the hackers get in? What information did they steal? Who has been affected by the breach?
This requires working directly with your security or IT team. Then, work fast to identify the affected systems and isolate them as best as possible. If the hack happened through specific devices, then isolate them. If it’s currently affecting several portals or servers, isolate them instead.
A breach doesn’t mean you must shut down. You may need to leave the servers or systems operational so you can collect the appropriate evidence. Spend time blocking access to those systems using firewalls and other tools. Effectively remove them from the public internet and eliminate all public access.
Then, if you haven’t already, begin removing authorized users so you can assess the existing data and information without new stuff coming in or going out. This will also make it easier to find and identify the perpetrator.
As soon as you realize there’s a breach, or even think there may be one, act. It’s easy to think of timelines as hours or days, but it’s more like minutes and seconds. With the appropriate access, hackers get in and out quickly, so speed is of the utmost importance.
If you think there’s a breach or there’s even a sliver of a chance there was, then treat the situation like it happened for sure. Every second you wait to act is another that hackers could be using to extract more information or data.
As soon as you know a breach or attack occurred, inform your customer base. Transparency is incredibly important, especially when it comes to sensitive data and private information. If you keep the breach from everyone and it causes a bigger problem, your clients will likely be unhappy they didn’t hear it from you at the outset.
It’s natural for organizations to fear a bad reputation after the public acknowledgment of an attack, but how open, prompt and accurate your response is to the situation will show everyone your true colors. Were you organized and prepared? Did you react quickly and take control of the situation? Did you put everyone’s mind at ease and handle the problem well?
Data breaches and intrusions are not as cut and dried as you may think. There may be legal ramifications completely out of your control. Will you need to pay restitution or fines? What parties are involved and who do you need to communicate with? Who are the real victims? What damage will the breach cause beyond your business?
Home Depot is still going through litigation for a major point-of-sale heist that happened back in 2014. Hopefully, you have better measures in place in the event of a breach, but if there is one, you might end up in the middle of a long, drawn-out process that you can’t just sweep under the rug. If that’s the case, you’ll need proper legal counsel and a solid strategy.
When we imagine a hacker, we generally imagine a guy with a hoodie covering his head in his mother’s basement, but it could also be someone within your organization. According to intel from this year, 58% of breaches originate from inside a business. Revoke administrative privileges or user access until you’re sure your system is secure.
We’re not telling you to be paranoid and start pointing fingers at your internal teams and workers, but pay attention. Conduct an investigation to find out what went wrong and how the intrusion happened and make sure it never happens again.
That’s not to say another breach will never happen, but you don’t want a repeat offense of the same exact attack or breach because you didn’t do enough the first time around.