Today, a major data breach can do more than just cost an organisation money. It could see the company forking out millions in regulatory fines should sensitive data be exposed, it could destroy a business's reputation, and it could cost the company a fortune in lost customer confidence, and therefore lost new business.
Recovering from a breach isn't easy. Should a company be successfully attacked, over and above identifying and fixing the problem, it would have to notify all parties whose data has been compromised and provide them with credit and possibly identity monitoring. Then it would need to bring crisis management experts on board to try to limit the damage.
"Customers don't forget," says Simon Campbell-Young, MD of Credence Security. "Trust is already hard to win back. It's even harder in a world with myriad similar services and products waiting to take the place of yours. And it's even harder in a world where customers instantly share their experiences over a range of social media channels."
This is why he says prevention is better than cure, and businesses need to build cyber-resilient organisations to prevent themselves from falling victim to a security event. "An approach to security should be practical and effective. All businesses are different, as is the data they handle, their appetite for risk, and with that, the threats they face."
The first step is identifying the most valuable data assets, and allocating security resources appropriately. “Most companies don’t have unlimited security budgets, and therefore security efforts must be prioritised. Understand what needs the most protection, and maintain controls around those assets.”
Campbell-Young says businesses should also balance their security spending. “There is no silver bullet, so throwing the entire budget at preventive measures would be extremely unwise. Sure, businesses need to prepare, and keep the bad guys out, but they also need solutions in place to detect a threat in the event of a breach, as well as tools that enable the organisation to respond effectively in that instance. Incident response has become a crucial link in the security chain, as businesses look for ways to boost their readiness to handle incidents.”
Next, he says, is to focus on the human element. “It is a fact that a large number of incidents happen due to careless actions by employees. Have policies in place so that all staff know what is expected of them, and what their role is in terms of security. Moreover, make sure they are trained, and know not to click on links and attachments in suspicious emails, as well as understand concepts such as spear phishing, so that they are not easily socially engineered.”
In today’s constantly changing threat landscape, having security intelligence is key too. “This is where actionable intelligence comes in. Receiving the right intelligence helps businesses understand their adversaries, and hopefully stay ahead of them. There are many ways to get this intelligence, including cloud-based sharing platforms, internal monitoring, public sources, vendor research and suchlike.”
A further point, says Campbell-Young, is sharing security incident and breach data with law enforcement, CERTs, security vendors and peers. "Sharing this data helps businesses fully understand the impacts of a breach, and how it can affect not only operations and systems, but reputations too. Data sharing has given researchers real insight into the various cyber criminal groups out there, and has been an effective weapon in the war against cyber crime."