No one wants to deal with their business being breached. But given the era we live in, it’s often more a question of when a cyber-incident will impact you rather than if it will. It’s a sobering thought, sure - but you can use that knowledge to your advantage. Because the main difference between a business that’s destroyed by a breach and one that survives lies in the response.
We live in troubling times from a cybersecurity perspective. And if you think your business is somehow immune then you haven’t been paying attention. Every organization, no matter how great or small, is a potential victim.
“Preventing a cyber-attack today is nearly impossible,” explains Tim Norris, Product & Solution Strategist at cybersecurity firm RSA. “The threat landscape is too vast and fast-changing, and methods are too complex to be able to prevent them all...Organizations are moving toward a threat detection and response posture.”
With that said, here are a few things to bear in mind when you make that shift within your own business.
React Fast or Lose
What do healthcare, cybersecurity, and law enforcement have in common with one another? Something that’s known as “the golden hour.” In other words, time.
In medical emergencies, criminal investigations, and data breach responses, the hours immediately following an incident are the most important. They can make the difference between saving a life, catching a criminal, or protecting your business’s data.
The faster you recognize that an attack is taking or has taken place, the more effectively you can mitigate the damage from that attack. The more visibility you have into your networks and the activities of your employees and business partners, the more readily you’ll be able to identify suspicious activity. And the more effectively you enforce your cybersecurity policies, the better equipped you’ll be to prevent a breach from happening in the first place.
That’s one thing a lot of recent breaches have had in common - the victims weren’t notified until months, perhaps even years after they happened. The average time for a data breach to be discovered, according to computer firm IBM, is approximately 297 days. It’s almost expected that your business might take a while to notice it’s been breached.
However, once you do notice, you need to respond instantly.
That’s one thing financial corporation Capital One did right with its recent data breach, which took place in March. Once the bank was aware that something was wrong, it only took twelve days to track down and arrest the culprit - a malicious insider by the name of Paige Thompson. It also went immediately to the media, notifying major stakeholders of the compromised data.
When did the breach happen? How and why did it happen? Who was responsible? Who is directly impacted, and how? What are you doing to prevent an incident like this in the future?
These are all questions that people will demand you answer as part of your breach response process.
And you should. The more authentic and transparent you are with your customers in the wake of a cyber-incident, the better it will be for you. Some reputational damage is inevitable, of course - but at the same time, people will remember that you were open and honest with them about what happened and how you’re dealing with it.
That authenticity matters more than you know.
Ensure It Doesn’t Happen Again
Once you’ve notified all the necessary stakeholders and figured out that you’ve been breached, your next step is to ensure that the same thing cannot happen in the future. Oddly, this seems to be one area in which many breached organizations fail. They might make a few tweaks that pay lip service to better security, but ultimately it’s all empty noise.
Don’t follow their example.
Instead, once you’ve figured out what caused the breach, go to every length possible to prevent it from happening again.
Bring in a third-party agency to assess your cybersecurity posture. Start working to improve your organization’s attitudes toward cybersecurity. Cut ties with partners and vendors whose security practices aren’t up to your standards.
In short, start taking cybersecurity more seriously than you ever have - and keep doing it.
In a perfect world, you’d be able to prevent a cyberattack against your business from ever succeeding. Unfortunately, we don’t live in a perfect world. A solid crisis response process is every bit as important as strong cybersecurity, perhaps even more so.
About the Author: Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.