Improvements to Make During the Aftermath of a Breach
With phishing, ransomware and account hacking on the rise, many companies have taken steps to further protect themselves and their data-in-motion. Preventive measures will decrease your risks, but what do you do if you are breached? How do you handle the aftermath?
A number of questions arise: “What did we do wrong?”, “How could this have been avoided?”, “What can we do better?”, and, of course, “How do we get back to normal?”
In the aftermath of a breach, it is crucial to consider not only how to harden the environment from an IT standpoint, but also how to build a maintenance plan. To ensure you’re not breached again, turn the lessons learned into ways to improve detection and response, available skills, and communication. This is also the time to strengthen your cyber insurance and governance.
How Do You Improve in These Areas?
- For detection and response (for example, implementing a managed detection and response service), assess what you had in place and identify what is missing in order to further protect your environment.
- Identify what available skills your team has that can be further utilized. Increase staff training and security awareness programs throughout the company to ensure all end users understand security protocols and best practices.
- If communication breakdowns occurred, make sure an improved incident response plan is built, including access to the right level of security and forensics skills. Consider an incident response retainer.
- If cyber insurance is incomplete, focus on a policy with the right levels of protection that is also connected to the incident response plan, so that notification is timely and compensation can be received.
- In the area of governance, learn from the breakdowns and rebuild confidence by gaining buy-in with leadership on the importance of not only a plan, but a regular testing strategy.
Deciding between keeping IT security tasks in-house and relying on a partner with specialized expertise can be compared to managing home improvement projects. There are many things you can try to repair using the Do-It-Yourself approach. If everything goes just right, you might save yourself some money, and hopefully, you’ve got time left over to relax. But what if everything goes wrong?
Take a moment and think about your company’s network as your home. In our houses, we go to great lengths to secure ourselves: doorknob locks, deadbolts, smart locks. Now look at your corporate network. How do you feel about the front door of your network? Does it give you the same sense of security that the front door of your home does? This is why we need network security.
Once ransomware is resident on a system, it can be a simple money collection exercise or a means to an end to capture intellectual property. Lost intellectual property may allow an organization in another country to leap forward and deliver your discoveries.