Please fill in the form below to subscribe to our blog

Speed: The Crucial Element in Data Breach Detection and Response

March 06, 2017

If you think you’re immune from hackers, consider this USA Today headline from March 25, 2016:1.5M Customers of Verizon Anti-Hacking Unit Hacked. We bring this headline to your attention not to cast aspersions on Verizon, but to illustrate that no organization is immune from hackers.

The first step in developing a cybersecurity strategy is to recognize that you will never be 100% safe from cyber criminals. From a defensive standpoint, your best approach is to make yourself a hard enough target that most hackers will move on to an easier target. We’ve written previously in this blog about steps you can take to reduce your vulnerability to hackers.

A key factor in limiting the damages arising from a data breach is having an action plan to detect and respond to data breaches when they occur. Forewarned is forearmed, and the critical element that determines the effectiveness of your response is how quickly you detect and respond to a data breach.

How to quickly detect when you’ve been breached

A typical data breach starts when a hacker attempts to steal email credentials from your employees. A recent example of a massive theft of login credentials can be found with LinkedIn.The data breach occurred in 2012 and LinkedIn originally estimated that 6.5 million user credentials were stolen.

In May 2016, LinkedIn found out that the actual number of stolen credentials was 117 million! The stolen credentials were being offered on the Dark Web by a Russian hacker for 5 bitcoins (approximately $2,300.)

The Dark Web is the non-indexed portion of the internet that serves as a black market bazaar for stolen information. The first step in quickly detecting a data breach is to have a threat intelligence tool that monitors the Dark Web to see if your email credentials have been stolen.

It’s not enough to monitor your email credentials on the Dark Web. Keep in mind that some of the most egregious data breaches occurred when hackers infiltrated the target organization’s supply chain. Make sure your threat intelligence tool monitors your supply chain for stolen email credentials as well as your own.

Remember, the quicker you detect a data breach, the quicker you can take steps to mitigate damages.

Roll out an identity monitoring program to affected individuals quickly

Depending on your industry, your location and the nature of the breach, you likely will have legal requirements that dictate how and when you must respond to affected individuals. For example, if Protected Health Information (PHI) is stolen, the Health Insurance Portability and Accountability Act dictates how you must respond.

Regardless of the required response, a quick, complete notification to affected individuals is very important. Don’t forget that lost sales and loss of customer trust are often the result of a data breach. By quickly communicating the incident and the steps you’ve taken to minimize the impact on affected individuals, you take a crucial step towards maintaining trust with your customers.

For most data breaches, you will want to roll out an identity theft monitoring program to potentially affected individuals. It’s critical to quickly implement and communicate this program so affected individuals can take steps to protect themselves.

A good identity theft monitoring program will facilitate quick enrollment – it should have multiple communication channels to accommodate individual preferences. Some may prefer to do everything online, others may prefer to speak live to an expert. Make sure that you accommodate all reasonable communications preferences.

As is the case with detection, the quicker you respond to the breach, the lower the chances of your customers or employees suffering damages from the breach.

The old adage that an ounce of prevention is worth a pound of cure holds true when it comes to data breach detection and response. In the cybersecurity realm, the ounce of prevention is having a response plan before you are hacked and the ability to quickly implement if you are hacked. Want to learn more about how you can protect your organization from hackers? Talk to one of our experts.