Page 66 - Cyber Warnings
Staying on Course in the Aftermath of a Security Breach
Fortunato Guarino, Solution Consultant, EMEA and Cybercrime & Data Protection Advisor,
Guidance Software
It’s the news that every security team fears, yet the fact is that any business can – and will – be
the victim of a data breach at some point, and many will be more than once.
This is a particular concern for businesses in the Middle East – according to a March 2016
report by PwC, 85% of respondents to the survey believe that businesses in the Middle East
are more likely to suffer from a cyber-attack compared to the rest of the world (global average of
79%).
Worse still are the monetary losses, with 56% of Middle East respondents reporting losses
greater than $500,000 compared to 33% globally.
Despite this reality, there is little guidance available for most companies on what to do in the
immediate aftermath of a breach.
Critical decisions need to be made immediately after a breach is discovered to assess its scale
and scope.
This will determine the most effective next course of action, from which resources to mobilize, to
which chains of command need to be activated and what evidence needs to be collected.
When, what and how to share information with law enforcement and other external authorities is
also critical to help prevent further damage and help reduce future attacks.
With preparation in advance, organisations can ensure that, when the worst happens, they can
respond quickly to protect themselves, their customers and their stakeholders.
Implement a Tested Incident Response
Being adequately prepared to deal with a cyberattack can significantly reduce the cost of a
breach. However, having a plan in place and testing that response process to ensure that it
works are two different things.
That’s why a critical part of the preparation process is to stress test the robustness of the
response process.
Many organisations may think that they have sound policies in place but have not drilled these
in a test scenario. The processes - for knowing which systems to shut down or who owns which
assets and processes - need to be mapped and thoroughly practiced.
66 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide