Nettitude Blog

10 Steps to prepare for a data breach

Posted by Adrian Shaw on Mar 23, 2017 2:00:15 PM


Every day, over 3 million records are compromised from companies around the world. The fact is that cyber threats are no longer a question of IF, but WHEN, a breach will occur. It is vital for your company to have a cyber security plan in place so that you are ready to act if your organisation experiences a data breach.

We’ve simplified a 10 step process to help you prepare for an attack. If you think your systems have been breached, please contact our 24/7 security team immediately at

[av_hr class='custom' height='50' shadow='no-shadow' position='left' custom_border='av-border-fat' custom_width='310px' custom_border_color='#707070' custom_margin_top='30px' custom_margin_bottom='30px' icon_select='yes' custom_icon_color='' icon='ue824' font='entypo-fontello']

1. Change your mind-set

3.04 million Records compromised every day

126,936 records compromised every hour

2,116 records compromised every minute

35 records compromised every second

Information Security has traditionally focussed on securing the perimeter of the network. With the evolution of mobile devices, the perimeter is becoming less well defined. In addition, attackers are increasingly able to evade perimeter defences. Nevertheless you should still continue to focus on defending your network, but not exclusively. You should bring breach detection and Incident Response readiness into your defensive repertoire. If you get into the mind-set that you WILL be breached, you will prepared in the event of one.

2. Produce Incident Response Policy & Planning Documents

99% of computer users are vulnerable to exploit kits (software vulnerabilities)

Preparation is the foundation of data breach management. Statistically speaking, it is close to absolute certainty that if you are a computer networked organisation, then you will be attacked. As society becomes more computer literate and the availability of free hacker tools increases, the chances of one or more of those attacks being successful also increases. Developing an Incident Response policy and planning documents is a critical step in preparing for a data breach.

3. Do you know all your valuable Assets?

52% of the 2016 data breaches, the exact number of data records were unknown.

Assets are at the heart of any company and need to be maintained and secured correctly to help minimise the chance of an attacker accessing them. Follow the below steps to keep your assets secured:

  • Develop a full asset register that is regularly updated.
  • Identify the critical assets in your organisation and develop a risk profile for each of those critical assets.
  • Establish the threats to those systems and understand the impact of any degradation of availability of them.
  • Ensure that, wherever possible, that you have failover capability for critical systems and that persons with authority to approve the taking critical systems offline, are identified.

4. Update your Network Diagram!

In 60% of cases, attackers are able to compromise an organization within minutes.

One of the first items a Certified Incident Response Team (CIRT) will ask for is a network diagram, so make sure you have an up-to-date network diagram in place. Identify internet facing systems, especially those that will accept user logon credentials. Care should be taken when storing this document and access to it should be strictly limited, as the information in it is of high value to attackers.

5. Simple Threat Intelligence

In 2016, there have been 454 data breaches with nearly 12.7 million records exposed.

A threat intel/analysis exercise needs to be carried out to understand what threats your industry sector faces and what tools, techniques and procedures your adversaries will use against you. This information can be leveraged to better protect your critical assets and develop detection rules for the tools and techniques that your attackers will be using.

6. Strategic Partnerships

In 93% of breaches, attackers take minutes or less to compromise systems.

Establish partnerships with both internal and external organizations who can assist you in a breach. The fundamental departments to include in this are HR, Legal and PR departments in your Incident Response testing and education programmes.

Identify third parties who can provide specialist assistance during a breach and external parties who will need notifying in the event of a breach. If you are able to, develop information/intelligence sharing with other organisation in your business sector. Establish if your local Law Enforcement agency has a computer crime unit and have their number on hand in the event of a serious data breach.

7.  Have you tested your plan?

Only 38% of global organizations feel prepared for a sophisticated cyberattack.

Gain some assurance around your preparations. At the very least you should test your Incident Response (IR) plan. This can be in the form of a table top exercise or a more sophisticated simulation based on your threat analysis. The objective is to ensure that your IR plan is fit for purpose and robust enough to deal with a broad range of scenarios. Learn the lessons from such tests to remove any weaknesses or gaps in your Incident Response plan.

8. Educate your staff

30% of phishing emails are opened. And about 12% of targets go on to click the link or attachment.

Educate your staff around matters relating to incident detection and response. End users should be trained to identify suspicious activity and phishing scams. They should also be trained to report suspicious activity and the reporting method should also be referenced in your IR plan and ‘Acceptable Use Policy’. Educate IT staff to triage suspicious incidents and understand how their actions during triage can impact on an Incident Response investigation, this should include how and who to approach in this instance,

9. Monitor, Log & Collect

63% of confirmed data breaches leverage a weak, default, or stolen password.

Review logging capability and configuration across your organisation to see if it can be leveraged to assist in any future data breach investigation or used to detect intruders inside your network. The log review should encompass application logs, security appliances and management software such as Group Policy. Develop retention policies for log data develop processes for managing large volumes of log data.

10. Detect the breach!

In 7% of breach cases, the breach goes undiscovered for more than a year.

Your ability to detect data breaches will largely be dependent on the people, processes and technology within your organization. Your IT staff should have processes in place to review log data that you have configured in your environment in order to identify anomalous records that might be worthy of further investigation. Similarly, logs from IDS/IPS, anti-virus and other security products should be reviewed regularly for anomalies. A robust process for log reviewing would be to automate that process by implementing a SIEM solution.

Ready to take your organisation’s cyber security to the next level?

For more information on data breaches throughout the past decade, we have identified the following article as an excellent resource, providing the latest statistics for geopolitical attacks

Nettitude provides a variety of services to keep your company safe from cyber threats. Speak with a specialist today by emailing us at



To contact Nettitude’s editor, please email

Topics: Security Blog, Uncategorized

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

In 2018, Nettitude became part of Lloyd’s Register, an 8,000 person strong professional services organisation, with 300 years of heritage in safety and risk management. Nettitude now provides true global coverage, through a network of over 180 offices strategically placed around the globe.

Subscribe Here!

Recent Posts