Data Breaches Are A Matter of When, Not If. So What Do You Do? - Seceon
+1 (978)-923-0040 info@seceon.com

by Pushpendra Mishra

Data security is one of the most important priorities for businesses around the world. However, just like a physical security system can only deter the thieves, cybersecurity solutions and measures too can only deter but not necessarily prevent the attack. No set of security measures is completely infallible to a breach. So data breaches are a matter of when, not if. Most businesses are vulnerable to a breach and are expected to be prepared for such an event to ensure business preservation and continuity. Recent examples of the Equifax breach, Russian hacking of the US grid and Iranian hackers of 300+ universities in the US and abroad certainly add to the urgency for a post-breach plan.

Smit Kadakia, Chief Data Scientist and Co-founder of Seceon (also a machine learning expert) and I were recently chatting about what organizations must do, not only to protect themselves but also to have a well laid-out plan of action should they get breached. According to Smit, “It is prudent for an enterprise to put together a well-marinated action plan with minimal impact to the organization’s employees, customers and partners.” He suggested a five-step approach that businesses today must perform post-breach to minimize risk and for responsible handling and reporting.

Actions that a business must perform post-breach for responsible handling and reporting

First and foremost, the highest priority datasets and their specific content must be identified at the same time as implementing any cybersecurity measures and should not be an afterthought once the breach has occurred. Assessing the damage will entail working through all of your important data assets in the order of priority. The stakeholders must be apprised of the breach and should be continually updated on the findings. Also, some stakeholders must have a plan for internal communication, as well as for external communication as required.

Second, the containment must be done swiftly and in parallel to the damage assessment and stakeholder communication. The time elapsed between the attack and the containment is crucial to the amount of the damage a business will incur. So, the containment should preferably be in or near real-time. Some of the methods of containment include moving the infected assets to a quarantine area, halting the backup process to minimize the spreading of the infection, blocking the external attacker or disabling the credentials of an attacker. Networking devices, endpoint security tools or an authentication service can help accomplish such containment. However, a unified security solution that can manage all of these disparate artifacts will speed up the containment and be more effective.

Once the breach is detected, recording of the details is absolutely necessary to manage post-breach and post-containment fallouts. It is highly recommended to maintain encrypted records of your security postures off-site so these are themselves not compromised.
The records must include details such as specific actions taken to isolate the effect of the breach on valuable data, specific impact, time of the breach, duration of the breach, the effectiveness of the containment, communication employed and the audience feedback. These details will not only help in presenting to stakeholders, customers and regulatory authorities but also in performing retrospection for improved future preparation.

Third, business continuity is of paramount importance and can be achieved through means such as failover infrastructure architecture, disaster recovery sites, off-site back-up/restore methods, application of a patch, etc. Typically, contemporary hybrid and cloud infrastructures allow almost instantaneous switchover to a different and unaffected location for accessing critical data while the breach is being investigated and addressed. Preparation must include detailing the steps and assigning responsibilities to ensure smooth transition. The goal is to ensure that the mitigation for future attack prevention is handled with a good balance between the short-term quick band-aid and the long-term exposure to the business.

Fourth, most industries have to comply with their specific regulatory authorities. For example, businesses dealing with patient data in the US must comply with HIPAA regulations. Maintaining continuous compliance with these regulations and archiving audit records will minimize the effects of the damage. Also, the plan must include designated responsibility for law enforcement reporting. Law enforcement activities should be recorded and reported to preserve the image of the business. Compliance with regulations such as GDPR requires reporting and records of such reporting to stay compliant.

Fifth, one of the key objectives for the post-breach operations is to mitigate the risk. The 2018 cost of data breach study conducted by Ponemon Institute states “The average time to identify a data breach in the study was 197 days, and the average time to contain a data breach once identified was 69 days”.
The risk associated with the breach is directly related to the time to identify the breach. The best security protection can only be achieved by the solution and the staff that strive for near real-time threat detection and containment.

Customers must be completely on board with the security readiness. The readiness must encompass both prevention of attacks and post-breach management. Customer communication must include full transparency and integrity of their data security and also set the expectations, should the breach happen and also minimize surprises during the post-

In conclusion, security operations should be akin to a management system and, in that respect, automation to detect and respond quickly will play a very important role. Such a solution will give a business a good chance of effectively managing the post-breach scenarios. Thus, a wide variety of tools is not necessarily an answer. A more comprehensive solution, good preparation and goal-oriented security management will likely be a much more effective approach.

Address - 238 Littleton Road Suite #206 Westford, MA 01886
Phone no - +1 (978)-923-0040
Email Id - sales@seceon.com
Website - https://www.seceon.com/