In-depth

How to react to a data breach

Anonymous security execs outline steps to respond to a successful cyber attack

Organisations should have plans in place to deal with any security breach and its aftermath, delegates were told at this year's Infosecurity Europe conference. 

In a panel discussion held under Chatham House rules, security experts from high profile organisations were granted anonymity to tackle the task of dealing with a fictitious security breach.

Advertisement - Article continues below

The panellists were told they work at an imaginary telecoms operator, reacting to an incident in which a hacker had stolen a database of millions of customers and a ransom demand sent. 

Keep communication lines clear

The panel said there was a need to have clear lines of communication between different departments. The legal advice was to not contact the hacker with the ransom demand, but to call in law enforcement to let them be aware that a situation had occurred.

Also, it was important to inform the Information Commissioner's Office (ICO) of any breach within 24 hours, even if any information about the incident is scant. Panellists warned that while the ICO would be helpful, it would ask questions of the organisation in order to get as much information about the breach as possible. Among the questions would be how the breach occurred, who was affected, what steps were taken to mitigate the attack, as well as questions over broader security policy.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

One panel member said that law enforcement should only be brought in where an organisation is serious about a crime being investigated and suspects prosecuted, otherwise, it would be a waste of police resources when there were plenty of other investigations to be carried out elsewhere. He pointed out that the police are there to "help businesses get back to business as usual".

Don't pay the hackers

Panellists were quick to agree that any ransom demand should not be paid, as criminals cannot be trusted to make good on any promise they make about the data they have accessed.

Another panel member said that in terms of public relations, organisations have to be careful with what they share about an incident externally.  

One panel member acting in the role of head of the fictitious telco's security operations centre said that it may be a good idea to take any affected system offline temporarily to ensure criminals cannot access further data and to allow security professionals to carry out investigations. Potential insider threats should also be investigated.

Advertisement - Article continues below

During the exercise, panellists were told that news of the fictitious breach had got out to the wider world. It was important, delegates were told, that this would mean the organisation would have to know exactly what had been breached to counter false claims that would inevitably spring up around the incident.

After such an event, it was important then to brief the press, be honest and open about the incident and say sorry for the inconvenience caused by the breach rather than the incident itself. 

Anticipate a breach

Panellists advised any organisation to not only plan for when a breach would inevitably happen but to also practise dealing with a breach throughout the organisation. This would better prepare businesses should a breach happen to them. It would be important not only to plan for a breach response with senior people within an organisation but also their deputies, as a breach may occur when senior staff are not around.

Advertisement - Article continues below

After the session, PwC partner and panel chair Richard Horne, said the most important thing companies need to be prepared for is how to handle a breach and limit the impact on customers, the company, and its value.

"Badly handled breaches can have a significant impact on companies and their value," he said.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020