There is no organization on the face of the earth, regardless of how sophisticated its security defenses may be, that is immune to a data breach.
Victims in 2019 include Dunkin Donuts, Dow Jones, BlackRock and, ironically, a major provider of IT security services. Just a few weeks ago, a hacker revealed that the details of 617 million online accounts, stolen from 16 hacked websites in 2018, were available for sale on the dark web.
While this particular hacker was gracious enough to list the compromised organizations, it often takes months before a data breach is discovered. This time between compromise and discovery is called dwell time.
During this time, attackers could move to different systems across the network and gather information. They could copy and transfer data. They could encrypt data and hold it ransom. They could also just trash everything in sight and cause irreparable damage. The longer it takes to detect and respond to a breach, the greater the cost to the organization in terms of lost data, lost sales, lost customers and lost reputation.
Cost of a Data Breach
According to Ponemon Institute’s 2018 Cost of a Data Breach report, the average cost of a data breach is $3.86 million, and the average time to contain a breach is 69 days. However, the average cost was reduced by more than $1 million for organizations that contained a breach in less than 30 days. Preparation and communication are critical to minimizing the costs and consequences.
An incident response plan is your strategy for responding to a data breach or some other security incident. The primary goals are to find and eliminate the threat and resume normal business operations as quickly as possible.
If you don’t have an incident response plan, or you have a plan that hasn’t been reviewed or tested in years, start by putting someone in charge of developing a new plan. This is the person who will create an incident response team, keep all parties informed, request feedback and assign responsibilities.
Your Company's Risk Tolerance
Once roles have been assigned, you need to define your risk tolerance. This begins with identifying critical systems and data that need to be restored first. Next, classify different types of events based on the level of risk so they can be prioritized. Then you can establish processes for responding to an incident, such as reporting, investigation, analysis of the incident’s scope, containing and eradicating the threat, and documenting information throughout the process.
One of the most important phases of your incident response plan occurs after normal operations have been restored. You need to develop a process for reviewing the incident, verifying the cause, and analyzing how the incident was handled in order to prevent a recurrence and improve your response.
There also needs to be a plan for communicating with customers. Beyond regulations that may require affected parties to be notified within a specific time period, you need to be proactive and take control of the narrative. Report the facts quickly and transparently to protect your reputation, and provide updates until the incident has been thoroughly investigated and resolved.
GDS can help you minimize the risk of a data breach by monitoring and managing your IT environment and implementing well-developed incident response procedures. With a network operations center staffed with security experts, we can reduce dwell time, accelerate response, support your communication strategy, and fine-tune your plan. Let us help you prepare for the inevitable data breach and limit the impact.