It is time to reevaluate your breach detection and response processes and protocols: with an average of 15 reported breaches a week in 2014, it is clear that current industry practices are not working.
Breach detection and response mistakes
Focusing on prevention
Prevention as a mistake? Sounds like crazy talk, right? Well, spending all your time and resources on what’s happening outside your network can be dangerous; it can leave you without the time and resources to look inside your network. You can’t catch every attack; someone is going to get inside your network, and you want to be looking for them before they find what they want and cause serious damage.
Accepting simple explanations
While it would be great to have a quick remediation, a thorough investigation of an attack is more important. Hackers will often put in some easy-to-spot malicious code to distract the victim; it makes the victim think they solved the problem when the hacker is actually somewhere else in the network hiding and causing real damage. Always dig deep when you are attacked. If a hacker was smart enough to get past your defenses, they probably won’t be easy to find.
Having no external resources
A breach, no matter how small, is a big deal financially, legally and from a marketing aspect. Chances are that your internal team does not have the expertise to deal with the aftermath of a breach, so you need to have external resources. Before a breach happens, you should find and sign contracts with legal counsel, a computer incident response firm and/or a public relations/crisis management company. Pre-arranged contracts cost you nothing until you decide to use them. You don’t want to be searching for all these resources when dealing with the stress of a breach.
Moving on like nothing happened
Every breach is a learning opportunity you can’t ignore. You need to closely analyze the entire breach from start to finish – find out how they got in, how they moved around without detection, what they wanted, what they got and what led to them being caught. Once you figure all this out, you need to make changes to your security processes, protocols and strategy based on what you learned.
To truly protect your company, you need to break down your current breach detection and response processes and protocols and rebuild them with the information above in mind. Cyber criminals are always adapting, so you need to, too.