Six questions to ask once you’ve been informed of a data breach
FBI reports that cybercrime is rapidly increasing
As your technology professional, I stay current on cybersecurity threats and trends and want to keep you informed. Please be aware the business of cybercrime has escalated rapidly over the past few years as can be seen in this FBI report released in 2019.
Most alarming is that the reported financial losses to the FBI doubled from 2017 to 2018. Plus, many losses go unreported for various reasons (bad publicity, legal reasons, embarrassment, report procedure unknown). And, we are hearing that these reported losses will be much higher in 2019.
We recently returned from an IT security conference where we learned that 64% of all cyber-attacks hit small and medium sized businesses and that the average business cost due to a cyber-attack is $53,987. I strongly recommend that you proactively have policies and procedures in place to reduce these potential costs. Costs are mitigated because you and your staff know what to do and can take immediate action when you have been informed that there has been a security breach.
In addition, with the California Privacy Act going into effect on January 1, it is everyone’s best interest to know how security breaches are to be investigated and reported. You don’t have weeks or months to report the breach; you literally have 72 hours to report.
How do you begin? Here are six questions you should ask yourself and your IT staff:
1. Did a breach actually take place?
If a claim of a breach has been reported from an external source, the business must validate that it took place before the act of reporting to authorities commences. Follow the same process of validation as you would if your IT staff discovered the breach.
2. How do we respond internally to the incident?
Typically, for larger companies there is a process of escalating the communication of the potential incident up to the CISO (Chief Information Security Officer) and the general counsel. The general counsel may notify leadership if the breach is severe enough for that level of activity. For smaller companies, the CEO, the CISO and the IT roles of your company may be combined. If so, approach your general counsel now and work with him or her to have a plan in place. And, be prepared to act on that plan when the time comes.
3. How did the threat actor gain access to the IT environment?
After the breach has been confirmed and the appropriate people in the chain of command have been notified, it’s imperative to nail down how the breach occurred.
The most common access methods are via a phishing email or a password spraying or credential-stuffing attack. Many people – at all levels of any organization – tend to reuse passwords and utilize easy-to-guess passwords. We all know better, but training your employees to change their passwords and use complex passwords is your least expensive form of security and one in which everyone in the company can participate.
4. Does the threat actor still have access to our IT environment?
Once you’ve defined how the attacker gained access, it’s urgent to know if he has maintained access. Attackers can install persistent backdoors or have credentials for user accounts with privileged access. Privileged accounts with access to sensitive resources is should be monitored closely.
5. What type of information did the threat actors steal?
If the stolen data was personally identifiable information (PII) such as Social Security numbers, credit card information or protected health data, these types of breaches must be reported to the impacted individuals, often leading to public disclosures.
If the stolen data was the business’ own intellectual property, but not PII, it might not trigger data breach disclosure obligations.
6. What was the motive?
If the attackers were hunting for intellectual property or highly sensitive business data, are they nation-state actors? Were they planning industrial espionage? Are they gathering information for a targeted attack on your company?
If your company is a victim of a breach, Security pros may be needed to complete an investigation. They will also determine if the intent of the attacker was to merely disrupt business or if they made lasting changes to the systems to make it easy for them to return.
Take action now to secure your systems. Work with trusted professionals like Cantrell’s Computer Sales & Service to get professional insight on what security hardware and software solutions might be needed to secure your systems and your data from cybercriminals.
The greatest assurance that you can have is joining with us at Cantrell’s Computer Sales & Service to help combat the attacks on small businesses across the US. Call us at 925.827.1200 or email us at firstname.lastname@example.org to schedule an appointment for an evaluation.
The cost of a data breach is too high for you to ignore the risk.