Today’s remote-centric workplace means we are relying on digital tools and processes more than ever before. This has caused risk in data breach activity.
Brand giants such as Twitter, EasyJet and Zoom are just a few of the major cases that have made headlines over the past months. Unfortunately, the phrase ‘a data breach is just a matter of time’ is now more relevant than ever for any company, regardless of its size or vertical. If anything, companies must face the fact that a data breach can impact them at any moment, particularly if their workers are predominately working remote in response to the pandemic. Against this backdrop, it is obvious that every organization must be ready to respond to a breach, now, to effectively mitigate its impact.
1. Start with Cybersecurity Fundamentals
Unfortunately, if an organization does not follow basic cybersecurity practices, it is unlikely to handle a data breach effectively. In fact, companies that do not know what types of sensitive data they hold, where that data resides or if it has been exposed as a result of excessive permissions, will not be able to quickly assess the scope of an incident and block its access.
Following basic cybersecurity practices is the cornerstone of efficient incident response. These practices include ensuring that sensitive data resides in secured locations, eliminating data overexposure and revoking unnecessary access rights. With appropriate levels of visibility, IT teams can get to the bottom of a breach quickly, analyse the context around it and undertake adequate measures to remediate it. If you know exactly what data you have, where it resides and how employees interact with it, you can focus your security efforts on a specific system, user or type of data, which will make your incident response dramatically more effective.
2. Improve Detection Capabilities
According to a recent report by Microsoft, threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to detect. This is a worrying revelation, as the longer data breaches remain undetected, the worse the consequences are for an organization.
Ensuring that that the enterprise can detect an intrusion in a timely manner is an essential aspect of any incident response strategy. The detection of security incidents must be automated — this will enable an organization to determine the best response more quickly and minimize potential damage. Thus, if an IT team has an automated solution to monitor user activities or receive regular alerts on abnormal user behavior, they will have a better chance of detecting a data breach before the data is compromised. The Netwrix 2020 Data Risk and Security Report proves this point: according to the study, organizations with automated methods of monitoring data sharing were able to detect security incidents in minutes (48%), while those who didn’t have automated processes spent days (56%) or even weeks (22%).
3. Make Certain Incident Response is Actionable
Most incident response programs (IRP) are documented and stored on the organization’s intranet. Such documentation usually contains policy, standards and procedures. However, it is critically important to standardize the different aspects of this program so that it can be well executed. This includes clearly defining all organizational roles in the program so that everyone is familiar with their respective duties and responsibilities. It is also important to ensure that all employees have been trained on what to do in case they notice a security incident. As an additional benefit, this will help the organization minimize the risk of a data breach as a result of human errors, as employees will better understand the damage that a single mistake can cause.
It is also important to ensure employees know how to report a security incident and who is responsible for taking further action when responding to a breach. Last but not least, any IRP should be thoroughly tested. This will help the organization identify and address any technical or communication gaps in the program so that when an incident happens, the response will occur smoothly.
4. Recover and Learn from Mistakes
If any data was lost or altered as a result of the breach, it is essential to prioritize the recovery of key data. Furthermore, it is also essential to focus on organizational recovery to restore operations back to normal. After this is complete, the final step is to incorporate lessons learned from the data breach into an organization’s security strategy. This includes identifying and closing the security gaps that allowed the breach to occur, thereby eliminating the risk that attackers will break in the same way once again.
Data breaches are inevitable, especially as the ‘cyber-pandemic’ continues. This reality requires organizations to remain in a constant response mode. However, if IT teams mind these tips and arm themselves with easy-to-use detection tools, their losses from data breaches can be minimized.
Ilia Sotnikov is an accomplished expert in cybersecurity and IT management. He is Vice President of Product Management at Netwrix, provider of a visibility platform for data security and risk mitigation in hybrid environments. Netwrix is based in Irvine, Calif.