Thursday, 22 September 2011 08:40

Five Ways to Prepare for YOUR Data Breach

Image attribution: http://bit.ly/npPgCJ under http://bit.ly/qkEUr7

Data breaches are a reality today. Yesterday, we heard reports that nearly one-third of Massachusetts’ population has been affected by data breaches in the past two years. Some breaches result from negligence, but many are due to malicious activity. Thus the industry conversation has moved beyond “if” to the questions of “when,” “what,” “who,” and “what is the impact”.

So how should you prepare for your data breach?

Once you’ve resolved to not bury your head in the sand, there are several ways to prepare.  One of the newer options getting attention is data breach insurance.  This innovation can offer coverage for a variety of potential costs associated with a breach – legal defense, forensic investigations, notifications to affected individuals, crisis management, liability claims and so on.  As a newer financial instrument, the terms and coverage can vary significantly from one insurance provider to another.

By no means does data breach insurance protect an organization against the event itself or all the consequences of data theft or exposure, but it is a prudent step to mitigate the potential economic impact. As with auto insurance, which doesn’t eliminate accidents, data breach insurance doesn’t reduce the incidence of data breaches; it merely recognizes that breaches happen.

What else can you do to prepare?  Here are four more ways to get your house in order:

  • Reduce the risk of breaches before they happen. While it’s impossible to eliminate the risk of breach, you can act to reduce the likelihood.  Perform vulnerability assessment and penetration testing, monitor configuration risks, and conduct simulations before making network changes.
  • Ensure you can detect breaches as quickly as possible. Utilize a next-generation SIEM solution to monitor and correlate all your network activity – event logs, network flows, asset data, vulnerability information, configuration data and more – so you can identify any breaches sooner rather than later.
  • Develop forensic capabilities to investigate breaches that do occur. Prompt detection of a breach is important, but then what do you do?  To determine the impact of an intrusion, you need to know which data, systems, applications and users are potentially involved, and wherever possible view the actual communications and actions that took place.  Event logs are necessary but not sufficient here; network and application activity monitors that capture layer 7 data provide increased visibility.
  • Resolve to document and report breaches promptly when they occur. Unfortunately no product or service can help you with this.  It’s up to your executive management to not only comply with applicable reporting laws, but also communicate promptly and openly with customers, employees and other affected parties.

The first three steps above can be accomplished with a modern security intelligence solution, highlighting the critical role that security intelligence plays in planning for and responding to breaches.

Preparing for a breach is a multi-layered effort, and one that has frankly become a requirement of professional business management.  No single action is a silver bullet, but together these steps can help minimize your business’s reputational and financial risk.

It’s time to stop denying and start preparing.

—-

For more information on preparing for a breach, watch this on-demand webinar, “Today, No One is Immune to Being Hacked. What’s Your Strategy for Threat Detection and Prevention?”