In our last article, we discussed the implications of not securing data and the challenges of tackling a breach. Here we address the immediate steps to take after notification of a breach and what follows.
Preservation of information is key in any breach and this needs to be done as quickly and broadly as possible. It will likely include obtaining logs from the potentially impacted and high value systems (even before you know whether or not they were impacted), or information that is critical to the running of the organisation. This requires digital forensics experts using tools to ensure that it is done quickly; so that the information is preserved before it is overwritten (something that often happens with logs) and that it isn’t altered during the preservation, making it difficult to examine.
Any delays and gaps can lead to an inability to define the timeline - you may know a system was breached but are unable to determine how because the relevant information has been overwritten. This uncertainty can lead to additional issues or a loss of trust when you’re unable to provide answers to stakeholders about the impact of the breach.
Knowing you have reliable information provides certainty and clarity. These are valuable commodities in a time of chaos and stress. Without access to this information you can never truly be confident if a breach has fully been contained, those affected identified, or whether or not you’re still compromised.
Once you know how the breach occurred you can begin to fix the problems that lead to it. The remedy for a breach of emails is different from one caused by a vulnerability in an application.
You don’t have to wait for a breach to happen. Regular security testing and review can identify issues and allow you to fix them before something happens.
At this point you’re probably thinking, now what? I have all these questions about the information my organisation holds.
These questions can be difficult to answer and become vastly more complex when you try to do this at scale for an entire organisation. In this digital age, for most organisations it’s now a question of when a breach will happen, not if, and the significance when it does.
Protecting your organisation requires a holistic approach. Take the opportunity to prepare before something happens; know what data you have, where it is, who has access to it, and why you have it in the first place.
Then make sure you have access to the right people and tools across a wide range of disciplines including; Digital Forensics and Incident Response, Investigations, Cyber Security, Legal, and Privacy to ensure that when something happens you can respond immediately and minimise the impact.
Contact us
