Breach Detection and Response: The Key to Cyber Security
When you’re ready to go home at the end of your working day, I have no doubt that you carefully lock up and secure your business’ premises and, in all likelihood, set your alarm system so it will detect any attempt by a criminal to break in. Just as there are criminals who want to break into your physical premises, so too are there cyber criminals who want to break into your cyber premises – the IT systems, servers, data and applications on which so much of your business relies.
In fact, according to many security experts, the chances of a virtual break-in are far higher than the chances of a physical break-in, and so preparing for such threats and developing a robust breach defence and response plan is key.
To better assess your risk, level of protection and preparedness, here are some insights and key questions you should ask yourself:
1. What digital assets and data may be most at risk?
In many respects, this is the easiest place to start because the bad actors are well known. They are criminals looking for a financial reward – seeking credit card and identity data. Or they can be cyber-activists (often called hacktivists), looking to take down or deface websites and cause embarrassment. Do you have such digital assets? Where is your data stored and how well is it protected? And are all your digital assets appropriately protected?
It’s not always the most obvious information that can be at risk. According to Gus Coldebella, a cyber-security law expert and former general counsel to the U.S. Department of Homeland Security, legal requirements mandating that companies disclose breaches of personally identifiable information – like the laws we have in place in Canada – may lead them to overinvest in protecting such data at the expense of other important information (such as intellectual property, sensitive executive communications, or even private conversations whose disclosure could cause embarrassment).
2. What are the consequences of a breach?
If data from your company is stolen or altered, who will be affected and how seriously? Data losses often lead to financial losses, and can affect groups beyond your company, such as customers, clients, or even business partners. In some cases, especially with health or financial information, regulatory and legal liabilities will be a factor. And then there’s your reputation – even if they are not directly affected, your customers could still be left with a sense of uncertainty and mistrust.
3. How long might it take you to detect a breach?
And how much information could have been exfiltrated in that time? Research suggests that businesses are rarely aware of a breach until well after it has occurred. According to a recent survey of 225 IT and security professionals in the U.S. and Canada, only 24% reported being able to detect a breach within seconds or minutes, while over 75% admitted detection would take them hours, days or longer.
4. How extensive should your communications be?
When it comes to your business’ communications during crisis events, my default advice is for full, open and immediate disclosure to all affected stakeholders. In a data breach, the worst damage has usually already been done by the breach itself, and companies may compound that damage when they fail to take full responsibility, or sidestep and delay the release of information. At the same time, however, I am not blind to the legal and regulatory liabilities that can be exposed through a data breach and the need to be cautious about communicating in an accurate and organized manner.
5. Have you rehearsed your plan?
Every company today should have a breach response plan. But what’s nearly as bad as not having one is having a plan that has never been rehearsed. The last thing you want is to be feeling your way through such critical actions during the full heat of an actual data breach. Take your plan down off the shelf and put everyone who will be involved in its implementation through their paces on a regular basis. Not only will this prepare them for the real event if it happens, it may also surface new threats that have emerged in this ever-shifting arena, or amendments the plan needs, since you first wrote it.
The bottom line
Unlike a break-in and robbery at your physical premises, a data breach can potentially cost you much more than some stolen merchandise. Having the proper cyber security in place is as important today as burglar alarms and strong locks on your premises have always been.
How well is your business protected against a data breach? How ready are you in case one happens? Please share your experiences in the comments.