The hours right after a data breach are among the most chaotic any business will encounter. You don’t want to spend them trying to improvise an intelligent, effective, and compliant response plan.
According to the Verizon Data Breach Investigations Report, you are five times more likely to find out about the event from your bank, law enforcement, or one of your customers than from your own IT department. That’s not so good to begin with, but on top of it, your business is upside down.
Suddenly you have to . . .
• identify the attack
• isolate and quarantine the threat
• spin up an investigation team
• collect and sift through logs
• identify compromised systems
• restore your critical data
• work with key technology and financial vendors
• keep upper management apprised
• keep the feds updated
• execute your breach notification plan. (What do you mean, you don’t have one?)
The headache could get worse in a hurry. More than half of successful cyberattacks exploit vulnerabilities for which there are known and well-tested patches. (Ouch.) And more than half of them trigger antivirus alerts and intrusion detection log notifications that could have provided the first signs of a compromise, if they hadn’t gone unnoticed for more than a month. (Feel like explaining that one?)
If you operate under regulatory guidelines, federal officials will also come knocking to conduct a breach investigation of their own. They’ll likely request an incident log and your latest risk analysis. Hope your record keeping has been thorough.
SLPowers is in the business of helping our clients prevent, mitigate, and survive the above scenario.
And, yes, we do mean “survive.” Roughly 60 percent of small businesses shut down within six months of a cyberattack, according to data from the National Cybersecurity Alliance, a network of public-private partnerships spreading cyber awareness.
Trust us: The worst incident response plan is the one you invent during a crisis. Instead, why not invest some time in launching a holistic conversation with business and compliance specialists who do this every day?
Give us a shout, and we’ll map out a drama-free, common-sense, and affordable way forward. And save the improv for the comedy clubs.