January 14, 2021
Protect Your Organization with Improved Incident Response
A well-planned incident response capability can protect your organization from external and internal threats, no matter where work takes place.
On January 17, LogicGate’s Jon Siegler was a panelist on ITGRC Forum’s webinar Critical Actions to Survive a Data Breach in 2019 and Beyond.
Siegler joined Justin Fier, Director of Cyberintelligence at Darktrace, and Stephen Boyer, CTO at Bitsight, for an insightful and wide-ranging discussion moderated by Informed Risk Decisions’ Colin Whittaker. The conversation touched on issues critical to any company that collects customer data, such as preventing future megabreaches, putting response plans in place, and gaining buy-in at the executive level.
Preparation is key
With megabreaches continuing to make headlines, all agreed the best approach is accepting that a company will get breached at some point and preparing a response well ahead of time.
“Embracing this mindset will allow companies to focus on what their breach response is going to be like,” Siegler noted, because "The market is really going to judge you on how you respond."
Boyer concurred, adding that “the key is speed and as much transparency in the disclosure process when communicating with customers. This is where having a breach response plan comes in handy.”
Addressing the fundamentals
Of course, accepting that a breach will happen someday isn’t the same thing as failing to take every precaution to prevent one.
Unfortunately data breaches are often due to any of three things: overlooked fundamentals, a detail that someone did not address, or simple human error, according to Boyer.
To address this low-hanging fruit, Fier recommends tools that provide greater visibility and speedier detection and remediation than in the past. He warns against overinvesting in “shiny-blinky things for one-off problems," however.
Part of the problem, Fier contends, is that we’re still using old methods to combat common current threats.
“Machines are getting faster, we're consuming more and more data, IoT has exploded, yet we're still using the same security practices that we used three years ago,” he said. "What worked just three or four years ago does not work today, and unfortunately I just don't see a lot of companies adapting to the new cyber world that we live in.”
Driving ownership
C-level executive sponsorship is imperative for a breach response plan to be taken seriously, Siegler notes. It’s the only way to make sure everyone is on the same page, and the reality is data breaches impact the business and not just IT.
This is why response plans must be driven by business concerns, and why assembling a team to devise the plan should be a cross-functional exercise, he added. Too many breach responses fail when led solely by the IT department.
"You want somebody to be that response manager, somebody with project management skills who can wrangle different people across the organization, who's able to communicate those plans, address any remediation that need to occur immediately and then communicate out to regulatory agencies or to your customers," Siegler said.
Just who should be on the response team?
Beyond information security or privacy functions, Siegler recommends involvement from general counsel, marketing or public relations, and customer service. This way all aspects of the response are addressed, from fixing the root cause to communicating with customers and partners.
Final recommendation
The entire panel agreed that it’s equally important for companies to test their breach response plans, just like they would test their business continuity and disaster recovery plans, and run through it like going through a real breach.
Just like there’s no such thing as being too secure, there’s no such thing as being too ready for a breach.