IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

How to react to a data breach

Anonymous security execs outline steps to respond to a successful cyber attack

A padlock on a motherboard surrounded by keys

Organisations should have plans in place to deal with any security breach and its aftermath, delegates were told at this year's Infosecurity Europe conference. 

In a panel discussion held under Chatham House rules, security experts from high profile organisations were granted anonymity to tackle the task of dealing with a fictitious security breach.

The panellists were told they work at an imaginary telecoms operator, reacting to an incident in which a hacker had stolen a database of millions of customers and a ransom demand sent. 

Keep communication lines clear

The panel said there was a need to have clear lines of communication between different departments. The legal advice was to not contact the hacker with the ransom demand, but to call in law enforcement to let them be aware that a situation had occurred.

Also, it was important to inform the Information Commissioner's Office (ICO) of any breach within 24 hours, even if any information about the incident is scant. Panellists warned that while the ICO would be helpful, it would ask questions of the organisation in order to get as much information about the breach as possible. Among the questions would be how the breach occurred, who was affected, what steps were taken to mitigate the attack, as well as questions over broader security policy.

One panel member said that law enforcement should only be brought in where an organisation is serious about a crime being investigated and suspects prosecuted, otherwise, it would be a waste of police resources when there were plenty of other investigations to be carried out elsewhere. He pointed out that the police are there to "help businesses get back to business as usual".

Don't pay the hackers

Panellists were quick to agree that any ransom demand should not be paid, as criminals cannot be trusted to make good on any promise they make about the data they have accessed.

Another panel member said that in terms of public relations, organisations have to be careful with what they share about an incident externally.  

One panel member acting in the role of head of the fictitious telco's security operations centre said that it may be a good idea to take any affected system offline temporarily to ensure criminals cannot access further data and to allow security professionals to carry out investigations. Potential insider threats should also be investigated.

During the exercise, panellists were told that news of the fictitious breach had got out to the wider world. It was important, delegates were told, that this would mean the organisation would have to know exactly what had been breached to counter false claims that would inevitably spring up around the incident.

After such an event, it was important then to brief the press, be honest and open about the incident and say sorry for the inconvenience caused by the breach rather than the incident itself. 

Anticipate a breach

Panellists advised any organisation to not only plan for when a breach would inevitably happen but to also practise dealing with a breach throughout the organisation. This would better prepare businesses should a breach happen to them. It would be important not only to plan for a breach response with senior people within an organisation but also their deputies, as a breach may occur when senior staff are not around.

After the session, PwC partner and panel chair Richard Horne, said the most important thing companies need to be prepared for is how to handle a breach and limit the impact on customers, the company, and its value.

"Badly handled breaches can have a significant impact on companies and their value," he said.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022