How to Survive an Information Security Breach

Information security breaches are an unfortunate fact of life. As long as an organisation handles sensitive information, there exists the possibility of a data breach – and even top-tier security systems are fallible.

Thankfully, your organisation isn’t powerless. It’s possible to identify, respond to and recover from these breaches quickly and efficiently. By following a few best practices of information security, the impact of breaches can be reduced, and the long-term security of your organisation maintained.

Monitor and Manage Your Data

In order to identify information security breaches, and respond to them in the most effective way possible, it’s essential to develop a comprehensive understanding of your organisation’s data systems. With limited security resources, your first priority should be the identification and segregation of sensitive data from non-sensitive data. Doing so will allow you to prioritise the security of crucial information, and allow you to recognise data breaches as quickly as possible.

Sensitive data then needs to be mapped across all possible touch points, including data flows, data storage, and data access. Strive to monitor data at all times; identify all instances of data access, and log the identity of the user responsible. This type of proactive monitoring solves the primary problem of a data breach: detecting that a breach has occurred.

Once a breach has happened, it’s a good idea to temporarily restrict access to all sensitive data, and log any further access attempts. Until the source of the breach has been identified and plugged, ensure that all requests for sensitive data undergo a process of approval.
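
The following Python example is added here for illustration and is not from the original article: it routes every read of sensitive data through one gate that logs the user responsible and, once a breach is suspected, denies and logs requests until they have been approved. The class name, user names and data store are hypothetical.

```python
import json
from datetime import datetime, timezone


class SensitiveDataGate:
    """Single choke point for reads of data classified as sensitive."""

    def __init__(self, sensitive_keys):
        self.sensitive_keys = set(sensitive_keys)
        self.lockdown = False   # switched on once a breach is suspected
        self.approved = set()   # (user, key) pairs approved during lockdown
        self.audit_log = []     # one JSON line per access decision

    def _log(self, user, key, decision, reason):
        self.audit_log.append(json.dumps({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "key": key,
            "decision": decision, "reason": reason,
        }))

    def approve(self, approver, user, key):
        """Record an explicit approval; the approver is logged too."""
        self.approved.add((user, key))
        self._log(approver, key, "approve", "granted to " + user)

    def read(self, user, key, store):
        if key not in self.sensitive_keys:
            return store[key]   # non-sensitive data bypasses the gate
        if self.lockdown and (user, key) not in self.approved:
            self._log(user, key, "deny", "lockdown: approval required")
            raise PermissionError(f"{user} needs approval to read {key}")
        self._log(user, key, "allow", "approved" if self.lockdown else "normal")
        return store[key]


def demo():
    # Constructed sample data and user names, for illustration only.
    store = {"office_hours": "9-5", "payroll": "salary table"}
    gate = SensitiveDataGate(sensitive_keys={"payroll"})
    gate.read("alice", "office_hours", store)  # non-sensitive, not logged
    gate.read("alice", "payroll", store)       # logged, allowed
    gate.lockdown = True                       # breach suspected
    try:
        gate.read("bob", "payroll", store)     # logged, denied
    except PermissionError:
        pass
    gate.approve("ciso", "bob", "payroll")
    gate.read("bob", "payroll", store)         # logged, allowed after approval
    return [(e["user"], e["decision"]) for e in map(json.loads, gate.audit_log)]
```

The audit log records the denied attempt as well as the successful reads, which is what makes further access attempts visible while the lockdown is in force.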

Understand the Motivations for a Data Breach

In order to minimise the damage of a data breach, and reduce the likelihood of future data loss, it’s essential to understand the causes and motivations of each breach. Most breaches can be traced back to one of three types of instigator:

  • Benevolent insiders are well-intentioned employees and network users who fail to comply with an organisation’s security policy and data use protocols. Their lax security practices and poor security awareness can lead to an inadvertent data breach.
  • Malicious insiders are authorised users who intentionally instigate a data breach.
  • Targeted attacks are malicious breaches caused by determined third-party entities. They’re usually instigated to gain access to an organisation’s assets, or to damage an organisation’s reputation.

Whilst inadvertent data breaches can be minimised through improved security awareness training, malicious attacks are harder to prevent or remediate. In order to recover from malicious data breaches, it’s essential to pinpoint the assets which have motivated the attack. These assets typically take one of three forms:

  • Customer data, including payment information, medical information and financial records.
  • Organisational data, especially financial documentation, strategic planning information and employee data.
  • Intellectual property, including designs, patents and pricing lists.

Awareness of assets will allow you to prioritise your security monitoring, and allocate the greatest resources to securing the most valuable assets. This makes it much easier to identify data breaches as and when they happen, and minimise the loss of sensitive data.

Implement an Application Security Policy

With an increasing reliance on external software providers, and huge variance between vendor security protocols, application security is the weak link in most modern computer networks. Thankfully, developing your own application security policy will help you to reduce organisational vulnerabilities, and empower your own security and development teams to respond to and remedy breaches as quickly and efficiently as possible. Application security should be addressed as part of an overall information security policy, and should include these best practices:

  • Strive to source and use only secure software.
  • Ensure that your developers understand the basic principles of application security.
  • Use application threat modelling as a thorough framework for analysing the security of your applications, and make use of both static and dynamic testing.

Protect Your Reputation

There’s no such thing as perfect security. Even with the most rigorous security policies in place, it’s still possible for your data to be compromised. Thankfully, most consumers understand that we live in an imperfect world. By committing to honesty and transparency, it’s entirely possible to recover from a data breach without any lasting damage to your organisation and reputation. Always strive to:

  • Admit when a security incident has happened
  • Notify any customer who may have been affected, and provide help to resolve their resultant problems
  • Be open about the reason for the breach and the steps you’re taking to resolve the problem, and provide updates as the situation unfolds
  • Empathise with your customers

For a great case study of this in action, check out how BufferApp handled a recent security breach.

Successfully recovering from an information security breach is known as cyber resilience. The procedures and policies documented here play a crucial role in instilling cyber resilience, but they aren’t the only aspects of effective security. A resilient organisation relies on a secure culture – an organisation-wide awareness of the importance of information security.
