Despite all attempts of preventing data breaches, they are bound to happen. Thus, preparing for such problems can help users go a long way in responding quickly and thereby containing the damage caused. A recent survey conducted by the Ponemon Institute showed that on an average the cost of a malicious data breach is about $840000 and the cost per record is about $222. Despite of this fact, only 40% of the organizations which were surveyed claimed to have the proper funding, knowledge, tools and personnel in place to help them track down the root cause of such breaches.

Planning for the Data Breach

The main problem is that most of these breaches remain undetected for an extremely long time. The survey showed that it takes about 80 days to detect ad discover such breaches and about one third of them are not uncovered by the defences employed by the company. These breaches are mostly discovered by customers or by accident. Thus, planning for the prevention of such breaches has become extremely important. Moreover, simply planning for them is never going to be enough. Companies need to test out these plans by conducting exercises and mock breaches so that the users and the personnel can get familiar with the processes of containing a breach. These exercises go a long way in helping the company to efficiently contain the breach when it does take place. The processes of planning for such breaches contain 5 key steps. The first step is to develop interconnected breach response processes which include efficient crisis management, incident management and case management systems. The second step is to test these systems regularly to prepare them for the inevitable breach. The third step involves making a comprehensive analysis and trying to get a full image of the damage done. This can go a long way in helping out with future breaches. The fourth step involves maintaining proper activity logs so that the regulatory requirements can be met. Finally, employees should be encouraged to report suspicious activity and the IT departments should develop a practice of checking out each report, whether it is genuine or not.

Determining the cause

One of the most important aspects during a data breach to take care of is to stay calm and take proper time in eliminating the breach. Simply rushing in to find solutions will not get the company anywhere as it prevents them from gaining valuable insight which could go a long way in preventing future breaches.  It also pays to capture a forensic image of the network which is affected so that it can be analysed after the system goes back online. These practices can help companies understand how were they attacked and how can such attacks be prevented in the future. Moreover, a breach should be looked at as a learning curve rather than a failure. Learning from mistakes is the surest way to ensure that the mistakes are not repeated again.

You can follow any responses to this entry through the RSS 2.0 feed.