An IT lens on data breach response
Michael Bruemmer, vice president, Experian Data Breach Resolution
Data breaches are not new to the IT world, but with the recent high-profile mega breaches that have occurred and ensuing media coverage, the topic has been greatly elevated among public consciousness and C-suite executives. This heightened awareness has created an interesting dynamic for security professionals; on one hand it has taken some of the heat off of IT as the primary wardens and, if a breach occurs, the culpable department for the security lapse. As we have seen, chief executive officers at organizations have been, and will continue to be, held ultimately accountable for safeguarding a company's data.
On the other hand, IT has broadened the landscape of data breaches so that those on the more technical side of the fence are required to have a larger understanding of how a data breach is more than a security lapse. There are touch points and ramifications that affect many departments within an organization. This extends to outside the office walls to the company's customers as well, who are the most important stakeholders to address when a breach occurs. Faced with this reality, what can organizations do to prepare and minimize the damage?
Based on our experience and observations, we've compiled five lessons from the data breach trenches – keeping in mind the IT security perspective when a breach occurs. These lessons provide guidance for managing a data breach before, during and after an incident.
First, it all starts with IT. We've learned that every sector – from banks to retailers and the health care industry – is susceptible to a data breach and when cyber criminals find vulnerabilities, they will use them time and again to attack similar industry organizations. While a data breach is inevitable, organizations can significantly reduce the costs and reputational fallout by preparing ahead of time with a strong IT security posture, chief information security officer (CISO) or outsourced IT consultant and an incident response plan. The response plan – similar to a fire drill – should be practiced and backed by a solid team which includes, in addition to IT, C-suite executives, legal counsel, forensics, breach resolution providers, public relations and human resources. An up-to-date and practiced response plan can save an organization on average $12.77 per record. Multiply that by hundreds, even thousands of records exposed in a data breach and the savings can really add up.
In relation to a data breach preparedness plan, IT contribution is important. This department can play a large role in properly preparing for a breach and driving adequate response by outlining high-impact incidents based on the type of information the organization collects, the industry sector and operating countries. Organizations should conduct research and audit how industry peers have handled relatable breach incidents. For example, in the retail sector, evaluate recent payments breaches and then plan for similar scenarios.