Imagine you have had a data breach and your only support is Google. That’s an increasingly common story. So, let’s rewind and consider how organisations can get into this situation, highlighting potential oversights that could make a risky situation dire.
The story starts when cyber-attackers target your organisation. You don’t know this, but they’ve been watching your activity online, particularly that of the PA to your Commercial Director.
This colleague is a highly respected member of your team. Loyal, hardworking, and trustworthy. They’ve also completed your security awareness training. Well, all except one module when they were off sick. But this morning, they are under pressure: they have multiple documents to complete ahead of a board meeting.
Meanwhile, the attackers send a perfectly crafted email just before the colleague’s lunch break. At a glance, it looks legitimate. So, in a momentary lapse of good judgement, they click on the link in the email.
Oversight 1: The PA was not sufficiently security trained
The PA did not feel they could ask for time to take the missed training. Maybe that module would have taught them to look out for fake emails, even when under pressure.
Ten minutes later, someone in sales calls your IT helpdesk: they can’t open a folder. IT creates a ticket, flags the issue as medium priority and puts it in their queue.
Oversight 2: Your IT helpdesk did not ask sufficient questions when called
They are not sufficiently educated in data breach risk and fail to prioritise the issue correctly.
An hour later, IT return to the ticket and look at the problem file, but by now it’s too late. Instead of a minor file issue, they see a serious data breach and a ransomware message.
Oversight 3: You do not have cyber monitoring on your servers
You thought your system was safe enough; data breaches and cybercrime happen to other businesses, not yours. Yet, silently in the background, a payload is rapidly downloading.
Active monitoring would have spotted the breach the moment it happened and the damage would have been minimal. Instead, the situation is now critical.
You decide to quickly form your Computer Emergency Response Team (CERT). It is the first step in your Incident Management Policy. You know data breach emergencies like this demand attention from many areas of your business: the CEO, IT, your press office, key people from administration and other departments.
It is vital you collectively handle communication and recovery in the right way, assuring customers and the media at every stage. But this week, your Head of PR and Administration Manager are on holiday. That’s two key members out of the office. Your policy doesn’t cover this situation. You have knowledge gaps in your CERT.
Oversight 4: You do not have a contingency when CERT members are absent
So, what happens next? It turns out that your incident management policy is five years old and incomplete. You diligently started it, but much has changed since then.
Your technical team are concerned: do they switch everything off and cease operations, or leave the system running and risk further data breaches and damage?
Oversight 5: Your Incident Management Policy is not comprehensive or up to date
Someone decides to search on Google (on their phone as your system is not accessible)… incident response services… A list of specialists appears in the results.
But they’re talking about high emergency rates for non-contracted clients, and to create a contract you need time (and a usable system) to sign NDAs and generate purchase orders.
Oversight 6: You have not got a contract with a cybersecurity specialist
No outside specialist is set up to prioritise your problem at speed. The cost of recovery will be higher as you search for a provider able to help.
Meanwhile, time moves on. Operational downtime is expensive, and your reputation hangs in the balance. If only you had given the risk of a data breach attack the priority it deserved at the last board meeting.
How can a data breach happen?
The most feared method of attack is malware. Cyber-attackers research your business to deliver a targeted and carefully planned attack. They uncover vulnerabilities and use them to infiltrate your system.
Alternatively, attackers might be opportunist, stumbling across a weakness to exploit or simply attacking indiscriminately.
Aside from malware, data breaches can happen due to an insider leak. For example, we’ve seen data breaches when organisations do not follow a thorough exit process. This can lead to a dismissed employee having access to systems for some time.
Another common data breach method is purely accidental: security procedures are not followed, or an employee makes a mistake that compromises the entire system. This situation often creates vulnerabilities for opportunist attackers to spot.
Who is at risk of a data breach?
The short answer is everyone. Whilst certain business sectors or geographic locations are at higher risk, every business working online is at risk of attack.
Your supply chain can also put you at risk. Your organisation might keep excellent security practices, yet a supplier might create a vulnerability that lets a determined cyber-attacker gain access to your system.
A data breach not only costs you operational downtime and the expense of putting things right, it also risks your reputation. For most brands, the latter is more harmful. A loss of customer confidence, a share price tumble – these things affect business for years to come.
Why opt for contracted incident response services?
You can mitigate your risk of data breach damage by maintaining an incident response service contract with a specialist provider.
Should the worst happen, they’ll be ready to respond instantly. You are more likely to discover the attack quickly and your team will know exactly what to do. Cybersecurity specialists will also be on hand to help you manage the incident effectively, reducing damage to your business.
There is more to an incident response contract, though. Once in place, your contract enables advice and guidance on your internal Incident Management Policy. It also includes annual testing of your policy to eliminate oversights. Should an attack occur, you will know it delivers.
Incident response specialists do not just wait for something to happen; they actively help you build your resilience to a data breach in the first place.
Many organisations consider an incident response contract as insurance. Should you experience an attack, you know exactly what to do and have instant support on tap. A contract will lessen damage to your business.