With the media giving so much attention to increasingly prevalent data breaches these days, you might think that every enterprise would have an effective breach response plan in place. However, according to recent studies by Experian, 19% of the respondents stated that they had no breach response plan, and of the 81% who said they had a baseline plan, only 34% felt it was effective.
The responses were even more troubling when those polled were asked about updating their breach response plan. Approximately 37% reported that they had never updated or reviewed their plan since it was created, with a mere 3% reviewing their plan quarterly and 14% doing so annually.
The "set it and forget it" approach may be great for a thermostat, but breach response plans should never be left on autopilot. Modern hackers are often highly educated with extensive experience and top-notch skills. Furthermore, many hackers work for their governments or corporations, giving them access to the latest technologies. Hackers have become increasingly adept at finding vulnerabilities that they can exploit, the Heartbleed vulnerability being just one example. Given that payouts are huge, cyber-criminals are extremely persistent at finding a way into secure networks. With the growing threat level, increasing regulations, evolving technologies and changing motives, it has become increasingly important to update breach response plans frequently. Otherwise, the plan could fail just when you need it the most.
If you are a CISO, you are likely responsible for implementing, testing and reviewing your organization's breach response plan. The following tips can help you ensure that you are taking the necessary steps to keep your plan updated.
1. Conduct fire drills at least once per month to give employees the opportunity to practice breach response.
2. Monitor system activity daily to detect security alerts. Evaluate how your team would have responded to an attempted breach if it had been successful.
3. Compile historical data on successful attacks, including the vulnerability exploited and the performance of the response team.
4. Meet with your breach response team on at least a monthly basis. Discuss gaps in the plan that team members have identified, review the response checklist for missing or superfluous steps, ensure that your breach notification plan is current, discuss budget considerations and share information on new threats that have been identified by security analysts around the world.
5. Identify employees who may need additional training, especially customer service representatives and receptionists tasked with responding to external inquiries. Provide the training as needed.
6. If you are in a regulated industry, monitor changes in regulations or ask your compliance officer to keep you advised of any changes.
7. If you have data or applications in the cloud, discuss your vendor's process for responding to data breaches. Ask for a copy of the vendor's response checklist, including contact information for at least two of their employees responsible for responding to breaches, and request any other information that you believe might be useful.
In today's world, every organization must recognize the potential for a data breach. It is almost inevitable that a hacker will try to access your system eventually. By having an effective plan and remaining vigilant, you will have a much better chance of thwarting the efforts of hackers. However, you must also plan how to respond should the attack be successful if you want to minimize the damage to your organization's finances and reputation.
Planning for a breach and putting a response plan together may seem overwhelming. Many CISOs question where to start, but there are tools which can help. For example, a security operations platform that combines intelligent automation and collaboration into a ChatOps interface can help with scaling incident response and improving security operations beyond just when a breach occurs.