The strategic response strategy your company needs

With all of the threats to cybersecurity in the world, there is usually a strong emphasis on establishing a prevention plan. But what about when those protections fail?

It is not a matter of if security measures will fail, but when; what matters is how a company and its IT department react. Some responses are worse than others, such as Yahoo’s prolonged response to its breaches back in 2013 and 2014. Here we’ll discuss how to create a strong response plan for when breaches happen.

Get your priorities straight

First things first, a company has to know what its priorities are. After a breach, does it want to:

  • limit the damage done
  • attempt to recover stolen assets
  • remain in compliance with government notification regulations
  • put customers and users first
  • prosecute the cybercrime, or
  • a combination of all of the above?

There is no single answer that fits every business’s needs, but each option must be weighed before going any further with a recovery plan, since the plan hinges on what the company’s priorities and wants are.

The Streisand Effect

There is a specific term for situations where someone tries to cover up an event in the hope that it goes away, only for the blowback to make the initial event that much worse. Fallout is far more contained when the situation is properly addressed and handled. So respond, and respond quickly.

Any plan should include a comprehensive internal investigation. This will determine whether the breach was caused by an internal or an external source, as well as the scope of the damage. An investigation is also vital for figuring out how to prevent future attacks.

Evidence should be gathered in a forensic manner, as quickly as possible. In the event the attack comes from within the company, acting immediately can uncover attempts to delete evidence; IT professionals know how to cover their tracks. Investigators should also have temporary access to the activity records of privileged users on the network, on the off chance that the attack originates from IT staff or at the C-suite level.
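As an added example (not from the original article), the following hypothetical Python script shows what "gathering evidence in a forensic manner" looks like in practice: every collected artifact is hashed, tagged with who collected it and when, and the manifest of hashes is itself hashed, so that a later verification pass can show whether any artifact was modified or deleted after collection, including by someone with privileged access. The case id, collector name and sample files are constructed for illustration.

```python
"""Forensic evidence manifest with chain-of-custody records (added example).

Hypothetical script, not from the article. It hashes collected artifacts,
records who collected them and when, and later verifies that nothing was
altered or removed. All names and sample files below are constructed.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large artifacts need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_digest(manifest):
    """Hash the item list in canonical JSON form so the record itself is checkable."""
    canonical = json.dumps(manifest["items"], sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def collect_evidence(paths, collector, case_id):
    """Build a manifest: one entry per artifact with hash, size and custody record."""
    now = datetime.now(timezone.utc).isoformat()
    manifest = {"case_id": case_id, "created": now, "items": []}
    for p in paths:
        manifest["items"].append({
            "path": os.path.abspath(p),
            "sha256": sha256_file(p),
            "size": os.path.getsize(p),
            "custody": [{"action": "collected", "by": collector, "at": now}],
        })
    manifest["manifest_sha256"] = manifest_digest(manifest)
    return manifest


def verify_evidence(manifest):
    """Re-hash every artifact; report intact, modified and missing items.

    Also flags whether the manifest's own item list has been edited.
    """
    report = {"intact": [], "modified": [], "missing": [],
              "manifest_tampered": manifest_digest(manifest) != manifest["manifest_sha256"]}
    for item in manifest["items"]:
        if not os.path.exists(item["path"]):
            report["missing"].append(item["path"])
        elif sha256_file(item["path"]) != item["sha256"]:
            report["modified"].append(item["path"])
        else:
            report["intact"].append(item["path"])
    return report


def demo():
    """Constructed scenario: collect two artifacts, then one is edited and one deleted."""
    workdir = tempfile.mkdtemp()
    log = os.path.join(workdir, "auth.log")          # constructed sample artifact
    cfg = os.path.join(workdir, "sudoers.bak")       # constructed sample artifact
    with open(log, "w") as f:
        f.write("Jan 1 00:00:01 host sshd[1]: Accepted publickey for admin\n")
    with open(cfg, "w") as f:
        f.write("admin ALL=(ALL) ALL\n")

    manifest = collect_evidence([log, cfg], collector="analyst-01", case_id="CASE-0001")
    before = verify_evidence(manifest)   # everything intact right after collection

    # Simulate post-collection tampering: the log is appended to, the backup removed
    with open(log, "a") as f:
        f.write("Jan 1 00:05:00 host sshd[1]: session closed\n")
    os.remove(cfg)
    after = verify_evidence(manifest)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print(json.dumps({"before": before, "after": after}, indent=2))
```

The manifest should be written to storage the investigation team controls (not the system under investigation) as soon as it is produced; the verification pass then gives a documented, repeatable answer to "has this evidence changed since it was collected?", which is exactly what the investigation record needs to show.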

The following should all be considered during the investigation: means, motive, opportunity and misuse of privileges. Anything the investigation turns up should be thoroughly documented and should follow the company’s outlined plan for handling security breaches.