What SMBs can learn from big breaches
As much as we try to avoid them, cyberattacks are a fact of life. There’s no doubting that the internet brought about heaps of benefits for both our…
Oliver Pinson-Roxburgh
CEO and Co-Founder
7th June 2022
Data breaches come in all shapes and sizes, from full-scale data compromises to minor vulnerability disclosures, and all businesses will, at some point, deal with the consequences of compromised or lost data. Of the 39% of businesses that reported a cyberattack in 2022, 31% estimate being attacked at least once a week. When a breach occurs, it is the organization's responsibility to put it right and ensure it is well protected against future data breaches and cyberattacks.
Businesses that don't have a risk management strategy, or that are limited by budget and resources, tend to take a reactive approach when faced with a breach. By following some simple security best practices, however, you can greatly reduce the risk of your business data being compromised.
This blog is a simple guide to what your organization should do in the event of a data breach, how to recover, and who to notify once a breach has been discovered. By following our 7-step guide your business can manage security incidents more effectively and plan against future data loss.
During the first 24 hours after a data breach has been discovered, you should do the following:
Every data breach carries a different level of severity, and there are scenarios where it is not possible for businesses to mitigate the risk. Zero-day vulnerabilities are one example: the average business's expertise and budget make these extremely difficult, if not impossible, to find, given that until the vendor is made aware of the vulnerability there is no way to tell whether your business is at risk. In this scenario, an effective data loss prevention strategy includes the use of firewalls, keeping operating systems and software up to date, and implementing staff training to reduce the risk of human error contributing to a breach.
After discovering a data breach, organizations also need to follow an incident response process that is consistent and repeatable, with a focus on documenting insights into the attack and following a triage process. This is vital to assess how the data breach may have occurred, what type of attack it is, what systems have been affected and what data has been stolen, leaked or shared.
In many cases, businesses are required to notify governing bodies such as the Information Commissioner's Office (ICO) when they experience a data breach, and depending on the level of risk, the ICO must be informed within 72 hours of the breach being discovered. For example, if the breach involves personal data, the 72-hour rule applies even if only limited information is available about the extent of the attack. It is therefore vital that businesses understand the type of breach they are dealing with so they can take the correct action.
While businesses are not required to report every breach to the Information Commissioner's Office, the ICO must be notified if a business believes it has experienced one of the following types of data breach:
It's worth remembering that an organization may initially suffer a systems breach which only disrupts its network service. The ICO would need to be notified of a cyber incident like this under the NIS Regulations. Personal data breaches can be a consequence of such an attack, in which case the ICO must also be informed of the breach under the UK GDPR.
How you respond to a data breach is crucial for minimizing its impact, and the aftermath of discovering a breach can be a stressful time for security teams. This is where a well-planned, step-by-step process can help ensure that breach remediation is conducted effectively.
Here’s a 7-step guide on how to manage a data breach:
Understand the type of breach, its severity, and the magnitude of its impact on the business and your customers:
Follow proper conduct and notify the correct regulatory bodies relating to the type of breach that has taken place. For example, the ICO will need to be informed of a systems breach under the NIS regulations and a personal data breach under the UK GDPR.
Is the data breach a case of ransomware? If so, establish as clearly as possible whether you are being held to ransom for the data that has been captured. It's important to understand what data is at risk and whether it has already been exposed. It is also crucial to understand whether the ransomware attack is preventing access to the captured data, which makes it more difficult to access and control its use.
Communication is key. Be transparent with customers once you are 100% clear on what has happened. Clearly outline the consequences of the breach, who it affects, and reassure them of how your organization is handling the situation post-breach and what measures are being implemented to mitigate future data breaches.
Have a process in place to absorb any backlash and concern expressed by customers. Outsourcing communications to a PR agency can be beneficial, or appoint a board-level representative to issue a formal statement at the appropriate time. Furthermore, failing to communicate the breach to the affected data subjects can lead to a fine and to reputational damage.
As part of your post-breach remediation, data exposure monitoring on a monthly or annual basis will tell you, and reassure your customers, whether your data has been exposed and what, if any, customer data has been stolen, leaked or shared on the internet or dark web.
It's crucial for an organization to implement an incident response (IR) plan, if one does not exist already. An incident response plan is a proactive approach to dealing with a cybersecurity attack; it helps with preparation, decision-making and stress management in high-pressure situations.
Post-breach incident response plans can also help streamline the remediation process. Managing a data breach in a practical and orderly way can give stakeholders peace of mind and help get businesses back on track.
Have a breach response evaluation and assessment meeting detailing lessons learnt, what has been actioned, and what needs to be addressed to prevent future cyber breaches. Empower your workforce using training videos to elevate their cybersecurity awareness and test their knowledge.
With hackers becoming more sophisticated in how they breach an organization's network, there are numerous ways to breach an environment and exfiltrate data. If an organization is unprepared and doesn't have the necessary incident response plan in place, a data breach can be disastrous and costly. However, there is light at the end of the tunnel. Post-breach remediation strategies will help organizations resume business operations whilst cybersecurity experts scrutinise the cyberattack and undertake the necessary measures to understand it and remediate accordingly.