A Change in Thinking about a Breach
Historically we have concentrated our efforts on shoring up our networks and working to stop any unwarranted entry. We close our firewalls, inspect incoming and maybe outgoing data, use multi factor authentication and train our users. We stress over DNS protection and whether that thumb drive sitting on the desk might be carrying a payload.However, there is little attention paid to what we will do in case of a security breach. Indeed, there is a failure in our planning for the inevitable breach.
This is not atypical of course. We have smoke alarms in our houses, but have we ever thought about what we will do in the event the alarm is set off? Likewise, we go on vacation and don’t even consider how we might handle a sudden illness or accident.
A Breach is Inevitable
It is time to start thinking and planning our response to a breach. Below is a less than exhaustive list. It should get you started.
- Business Continuity Plan
- Incident Response Plan
- Cost Coverage Plan
Business Continuity Plan
A Business Continuity Plan should be developed and revisited by all businesses. We need to analyze what events would damage our business and to what degree? Likewise, what will we do in the event of a disaster or incident that impedes or halts business? This will need to be tested in simulation and the results used to determine changes required. The changes can then be implemented and the procedure can start again. In addition, within the Business Continuity Plan, there should be reference to an Incident Response Plan and a Cost Coverage Plan.
Incident Response Plan
You should include both written and graphic descriptions of the process for dealing with a breach in your Incident Response plan. All the way from the discovery of an incident to the final step back to normal business. The plan will need an Incident Response Manager and Team, a Communications Lead, all Stakeholders and a Legal Counsel. You should document The decision process, how you communicate and how you will escalate and resolve the incident. You will need to include your logs and document locations in your Incident Response documentation.
Cost Coverage Plan
Do you know how much a complete halt to your business would cost you? Payroll is usually the single largest cost for a business. Accordingly, how much does it cost for your staff to do nothing? Further, how much would it cost for a Cyber Security Team to resolve your issue? This does not begin to uncover the costs to the company’s reputation. How will your clients respond? How long would delivery be delayed? Can you withstand the cash flow interruption? Some of these questions have somewhat intangible answers and are supremely difficult to answer.
However, we can help with one question. Can we defray the cost of dealing with a breach? Yes you can, with Cyber Insurance. Multinational Companies like AXA and AIG provide Cyber Security coverage within their lines of business. One Insurer, Cowbell Cyber, deals exclusively with Cyber Insurance and they have a Dashboard that helps you understand your weaknesses and improve your security posture. It’s self interest for sure, but a smart move none the less.
We have talked about the future of hacking and the need for a change of mindset in a previous blog. One of the first blogs we wrote dealt with simple procedures to help secure your network from a breach. The scope of this issue we are facing is so much larger than can be dealt with in a single blog. If you can just start down the path to planning for the Inevitable breach, you will be in a much stronger position and more mature than a great number of companies in business today. It is some effort, but it will be so worthwhile.
If you would like to talk further about this, and believe me we can talk for hours about it, please do contact us at firstname.lastname@example.org