With GDPR decreeing a 72-hour grace period before European organizations must disclose data breaches, other jurisdictions are strengthening their regulations as we speak. This means that no matter where your business is located, it’s time to make a plan that will enable you to investigate incidents extremely quickly and with greater accuracy.
Prepare to respond to privacy regulations and avoid losing important data with our privacy-first solution SkyFlok. We help organizations comply with privacy regulations and provide them with an incident response plan to make sure they keep their important data safe at all times. Learn more about compliance and how SkyFlok can help your company here.
Here are the four main questions incident response (IR) teams need to ask and answer before that ticking clock winds down:
1. What’s the scope of this incident?
There’s only one thing worse than announcing leaked records, and that’s needing to make the same announcement more than once. You need to understand exactly how extensive the breach was in order to avoid this faux pas—or, like some companies, be comfortable with announcing the maximum possible number of affected users even before investigations are complete. There are pros and cons to playing it safe, but the best solution is to see what roadblocks exist in your company’s ability to investigate breaches and do what you can to remove them.
2. Is it a PCI or HIPAA violation?
When you know you only have 72 hours to gather all the information you can before reporting, it’s critical to know the exact policies you’ll need to address. Stronger breach reporting regulations don’t just mean you have less time before your customers know you’ve had an incident; they also mean you’ll be expected to answer a lot of specific and technical questions without much lead time. Understand where your critical assets lie and what potential information you’ll need to report ahead of time, so this part will be less of a burden on your IR team after a breach.
3. Who is affected?
You’ll need to be precise here in order to mitigate the damage to your company’s reputation. Security breaches are a fact of modern life, which is not to say customers don’t expect stringent protections and data privacy—but when a breach does happen, you’ll need the deep visibility required to answer these questions right away.
4. What did the attack campaign look like—and are the attackers still present?
According to a recent report from EMA on Threat Detection and Breach Resolution, only 23% of organizations investigate all critical security incidents after the initial detection. That means over 75% of organizations don’t really understand how an attacker made it past their defenses, and often aren’t even certain whether the attacker is still inside their environment. This goes hand in hand with the current breach detection gap (in 2018, attackers could dwell inside an environment for three months on average before the breach was detected).
As GDPR and similar regulations continue to position consumer privacy and security over organizational comfort, this last question will grow more and more important. We’re moving away from a time when security was considered a job for companies, not users, and the increase in publicized breach reporting will ultimately lead to customers putting their trusted organizations under more scrutiny.
Implementing frameworks like the Center for Internet Security (CIS) Top 20 Critical Security Controls can help you answer all of these questions quickly, but many organizations need help getting value out of ambitious frameworks that require better visibility and a more efficient use of security resources: here’s how an emerging category of security analytics can help.