How to identify and respond to a data breach


Data breaches can result in significant costs to an organisation – according to Ponemon Institute’s ‘2017 Cost of Data Breach Study: Australia’, the average total cost of a data breach was $2.51 million.

But the costs to the individual whose personal information has been intercepted can be devastating, with consequences ranging from financial fraud and identity theft, to psychological and even physical harm – and the effects can last for years.

It’s crucial, therefore, that organisations do everything in their power to keep personal information safe.

But while most organisations understand this in theory, properly securing data is fraught with complexities, and this is reflected in the numbers.

According to the Office of the Australian Information Commissioner (OAIC), a whopping 305 data breaches were reported between February and June 2018.

Even the biggest organisations aren’t immune – a few days ago, reports surfaced that Facebook-owned Instagram had been hit by a hacking campaign, leaving hundreds of users locked out of their accounts.

The scary fact, though, is that you may not even know your information has been compromised, with the Ponemon Institute reporting that it took Australian organisations an average of 191 days to identify a data breach.

In this post, we take a look at how to identify a security breach, and what to do in the event of one.

How to identify a data breach

As is evident from the Ponemon Institute’s finding, detecting a breach can be difficult, with the vast majority being detected by third parties rather than internal security processes.

Still, by regularly monitoring your network for signs of compromise and employing data breach detection tools, organisations can improve their ability to quickly and effectively detect breaches. If you know what your baseline traffic looks like, it becomes much easier to identify abnormal activity.

Here are a few signs that your network could potentially be compromised:

  • Presence of unknown or unauthorised IP addresses on wireless networks
  • Multiple failed login attempts recorded in system authentication and event logs
  • Suspicious activity on the network after-hours
  • Unexplained system reboots or shutdowns
  • Services and applications configured to launch automatically without authorisation
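
As an added example (not part of the original post), the sketch below checks a log for three of the signs listed above: repeated failed logins, after-hours logins, and logins from addresses outside the known baseline. The simplified log format, the known network range, the business hours and the failure threshold are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in a simplified sshd style (not real data).
SAMPLE_LOG = """\
2018-08-14T10:02:11 sshd[811]: Accepted password for alice from 10.0.0.15 port 50122
2018-08-14T23:41:02 sshd[903]: Failed password for root from 203.0.113.7 port 40110
2018-08-14T23:41:05 sshd[903]: Failed password for root from 203.0.113.7 port 40111
2018-08-14T23:41:09 sshd[903]: Failed password for admin from 203.0.113.7 port 40112
2018-08-15T02:17:40 sshd[950]: Accepted password for bob from 10.0.0.22 port 51877
2018-08-15T09:30:00 sshd[977]: Accepted password for carol from 198.51.100.9 port 42000
2018-08-15T09:31:12 sshd[978]: Failed password for alice from 10.0.0.15 port 50200
"""

# Assumed baseline: internal range and business hours for this organisation.
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/24")]
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 local time
FAILED_THRESHOLD = 3            # failures per source before flagging

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+$")

def find_indicators(log_text):
    """Return (kind, source_ip, detail) findings, sorted for stable output."""
    failures, findings = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines in other formats are skipped in this sketch
        ts = datetime.fromisoformat(m["ts"])
        ip = ipaddress.ip_address(m["ip"])
        known = any(ip in net for net in KNOWN_NETWORKS)
        if m["result"] == "Failed":
            failures[str(ip)] += 1
        else:
            if not known:
                findings.add(("unknown_source", str(ip), m["user"]))
            if ts.hour not in BUSINESS_HOURS:
                findings.add(("after_hours_login", str(ip), m["user"]))
    for ip, count in failures.items():
        if count >= FAILED_THRESHOLD:
            findings.add(("repeated_failures", ip, str(count)))
    return sorted(findings)

if __name__ == "__main__":
    print(*find_indicators(SAMPLE_LOG), sep="\n")
```

The single failed login from a known address is not flagged, which is the point of setting a threshold against a baseline rather than alerting on every failure.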

 

What to do in the event of a data breach

Quickly detecting a data breach is only part of the equation – once a breach is detected, it must then be resolved. But Australian businesses seem woefully underprepared.

According to Vanson Bourne-CyberArk’s ‘Global Advanced Threat Landscape Report 2018’, just 47% of Australian businesses believe their organisation would be completely prepared to investigate a breach and notify affected customers in line with guidelines.

A shocking 42% of Australian respondents also admitted they did not understand their specific role if their organisation was hit by a cyber attack.

It’s crucial, therefore, that organisations have a highly detailed data breach response plan. The Office of the Australian Information Commissioner (OAIC) recommends that a data breach response follows four key steps: Contain, Assess, Notify, and Review.

Contain

The first step upon detecting a data breach is containing the breach as much as possible by limiting any further access or distribution of the affected personal information, and preventing the compromise of other information, whether that is by changing access credentials or shutting down the system altogether.

Assess

The next step is evaluating the extent of the damage, and attempting to mitigate the damage where possible.

This means gathering as much information about the breach as possible, and considering whether remedial action (such as recovering lost information or changing credentials on compromised accounts to prevent unauthorised transactions) can be taken to reduce potential harm to individuals.

Notify

If the assessment reveals that the breach is likely to result in serious harm to the individuals involved and remedial action has not resolved this, then according to the guidelines of the Notifiable Data Breaches scheme, organisations must notify the OAIC and the affected individuals.

Notifying individuals about a data breach is a highly important step, not only because it allows individuals to take proactive steps to prevent potential harm to themselves, but because it also helps an organisation repair its reputation. Remember, it never looks good if an organisation is caught covering up a breach, as Uber was in 2017.

That being said, organisations need to be reasonably sure that a breach does actually pose a risk to individuals, as notifying people about a breach that poses little or no risk can cause unnecessary stress.

Review

Once the data breach has been appropriately dealt with, organisations should then take the time to review the incident in order to reinforce security measures and prevent future breaches.

Prevention is better than a cure

While data breaches almost seem like an inevitability, there are measures that organisations can take to reduce the likelihood and magnitude of a breach.

Here are a few preventative measures you can take to protect your organisation:

  • Know where your data is: Organisations need to have a thorough understanding of where and how sensitive data is stored and secured.
  • Give employees regular cybersecurity training: Of the data breaches reported to the OAIC between 1 April and 30 June, 36% of them were the result of human error. It’s important, therefore, that employees are regularly taught cybersecurity best practices.
  • Run data breach drills: There is not much point having a highly detailed data breach response plan if aspects of that plan are flawed. That’s why it’s important to test the various processes in a drill that is representative of what might actually happen, so you can iron out any kinks before the real disaster strikes.
  • Have regular security audits: No organisation can be expected to keep on top of new threats and security measures on their own. A security audit undertaken by an experienced third party can help you identify any vulnerabilities you have missed.

 

Think your document environment could be in danger of a breach? Don’t take the risk – to better protect your data, book a security audit today.
