Improvements to Make During the Aftermath of a Breach
With phishing, ransomware and account hacking on the rise, many companies have taken steps to further protect themselves and their data-in-motion. Preventive measures will decrease your risks, but what do you do if you are breached? How do you handle the aftermath?
A number of questions arise: “What did we do wrong?”, “How could this have been avoided?”, “What can we do better?”, and, of course, “How do we get back to normal?”
In the aftermath of a breach, it is crucial to consider not only how to harden the environment from an IT standpoint, but also how to build a maintenance plan. To ensure you’re not breached again, use the lessons learned to determine ways to improve detection and response, available skills, and communication. This is also the time to strengthen your cyber insurance and governance.
How Do You Improve in These Areas?
- For detection and response (for example, implementing a managed detection and response service), assess what you had in place and identify what is missing in order to further protect your environment.
- Identify what available skills your team has that can be further utilized. Increase staff training and security awareness programs throughout the company to ensure all end users understand security protocols and best practices.
- If communication breakdowns occurred, build an improved incident response plan that includes access to the right level of security and forensics skills. Consider an incident response retainer.
- If cyber insurance is incomplete, focus on a policy with the right levels of protection, and connect it with the incident response plan to ensure timely notification in order to receive compensation.
- In the area of governance, learn from the breakdowns and rebuild confidence by gaining buy-in from leadership on the importance of not only a plan, but a regular testing strategy.