Stuart Poole-Robb, Chief Executive of Business Intelligence and Security Adviser, at the background checking and information security consultancy KCS Group Europe, outlines three steps that organisations must take to recover from a data breach.
The numerous data breaches that have hit the media headlines over the past few years demonstrate how imperative it is that every organisation creates a detailed action plan in the event that a hacker is able to infiltrate their system and steal a treasure trove of data. What’s more, cyber threats are evolving, fast, as criminal gangs embark upon increasingly targeted attacks, from social engineering to exploring the dark web for company specific information, to even placing rogue individuals into an organisation as employees. There are multiple tools available to organisations to keep them safe from the hackers. However, for those organisations that don’t have the correct measures in place, dealing with the aftermath of an attack is essential.
1. Identify the source of the breach
The first step that organisations need to take is to identify the source of the breach. Gaining advice from an external source is essential here, as it is likely that the missing links in the cyber security strategy were already over looked by in house-IT and/or existing consultants. A fresh pair of eyes is therefore needed to examine the situation from all angles.
2. Assess the extent of the damage
After the source of the breach has been detected, the next step is to assess the full extent of the damage; has more data been compromised than initially realised? A full search on the Dark Web using embedded sources often reveals not only how much of the company’s sensitive data is already for sale to the highest bidder but also data that was leaked or stolen in previous unrecognised breaches. A full forensic search is now required internally on the compromised systems, ideally with the aid of products that can inspect logs and trace the start of the breach.
3. Strengthen IT security defences
Finally, organisations need to strengthen the IT defences in place and safeguard against future attacks. Organisations need to fight intelligence with intelligence. Are employees trustworthy – and if so, are they switched on to the risks associated with social networks? Are potential business partners, suppliers and investors who they appear to be? Is a competitor looking to cause reputational damage? Or is a specific company weakness being discussed or traded on the dark web? From penetration tests to demonstrate employees’ vulnerability to social engineering to dark web vulnerability reports and thorough background checks, by fusing intelligence led security measures with existing security tools and processes, organisations change the game.
Conclusion
Cyber hackers no longer operate only online; they increasingly exploit ‘traditional’ criminal skills in person to bypass cyber security procedures and gain specific insight into a corporation and its employees. And they invest huge amounts of time and resources to target specific organisations, for a range of objectives. There is simply no way that the cyber security tools currently deployed can fight this form of targeted attack. It is only by fusing intelligence led security that delivers insight into specific risks with the right security tools and processes that organisations can start to fight back. And the fact remains that in this age of such sophisticated hackers, a post-breach action plan is essential. Without a plan, the alternative could be disastrous: careers would be on the line, shareholders would be furious and clients would be disgruntled. No organisation should take the chance.
