Modern data breach mitigation, explained


Data security is a serious concern for businesses across all industries. Hackers probe corporate networks constantly, searching for system vulnerabilities to gain access to mission-critical applications, sensitive files and other key digital assets. Unfortunately, many find success.

Cybercriminals orchestrated more than 1,000 major data breaches in 2016, according to the Identity Theft Resource Center and CyberScout. Roughly 35 million sensitive records were exposed in these incidents, many of them held by government and health care organizations. This alarming state of affairs has pushed businesses to invest in digital defenses: Gartner expects enterprise information security spending to reach $90 billion in 2017. However, even as IT departments bolster their security capabilities, more breaches are likely to unfold.

“There’s no such thing as a completely protected system,” ethical hacker and data security consultant Ralph Echemendia explained in a sponsored post for Wired.

Most organizations maintain breach mitigation strategies as a result. When cybercriminals gain access to internal networks, IT professionals and other organizational stakeholders put these plans into action to protect as many sensitive files and systems as possible. While specific practices vary, most firms follow a common breach mitigation workflow containing these key steps:


Breach detection and identification

Pinpointing the breach is, of course, the first phase of the mitigation process. In many cases, an outside party – a service provider, a business partner or law enforcement – is the first to notice an intrusion. In fact, only 33 percent of organizations discovered their own breaches in 2013; the rest learned of them from an external entity, according to the cyber security firm FireEye.

External IT partners run dedicated monitoring platforms and employ security specialists who can use them to spot intrusions quickly. Few ordinary businesses possess these capabilities in-house.

Some organizations do maintain their own breach detection systems, which analyze network traffic and look for anomalies, TechTarget reported. Regardless of the method, detection takes time: the median "dwell time" between compromise and discovery was 146 days worldwide in 2015, FireEye found.

Once IT teams observe abnormal activity, the next step is identifying the attack vector. Attackers use a wide range of malware and hacking techniques, but direct hacking leads the way: more than 60 percent of breaches in 2016 involved hacking, Verizon's Data Breach Investigations Report found. Malware is also common, and it most often arrives as an attachment to a plausible-looking email that an unsuspecting employee opens. Some attackers use a simpler but harder-to-detect method: a valid password. Over 80 percent of hacking-related breaches in 2016 involved stolen or weak login credentials, according to Verizon.
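The two detection ideas above, anomaly spotting in traffic or authentication records and stolen-credential use, can be illustrated with a small log analysis. The following is an added example, not code from the original article or from any vendor it names; the log format, the sample lines, the five-failure threshold and the "known addresses" map are all constructed assumptions. It flags a login that follows a burst of failures for the same account (password guessing or credential stuffing that finally worked) and any successful login from an address never before seen for that user (a hallmark of a stolen password being used from somewhere new).

```python
"""Spot stolen-credential use in authentication logs.

Added example, not code from the original article. Log lines are
constructed here to resemble a generic SSH/web auth log; the format,
thresholds and IP addresses are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a guessing burst from one address that ends in a
# successful login for 'jsmith', then a login for 'agarcia' from an address
# never seen for that account, then an ordinary login for 'bnguyen'.
SAMPLE_LOG = """\
2017-03-01T08:00:01Z auth FAIL user=jsmith src=203.0.113.7
2017-03-01T08:00:02Z auth FAIL user=jsmith src=203.0.113.7
2017-03-01T08:00:03Z auth FAIL user=jsmith src=203.0.113.7
2017-03-01T08:00:04Z auth FAIL user=jsmith src=203.0.113.7
2017-03-01T08:00:05Z auth FAIL user=jsmith src=203.0.113.7
2017-03-01T08:00:09Z auth OK   user=jsmith src=203.0.113.7
2017-03-01T08:15:00Z auth OK   user=agarcia src=198.51.100.20
2017-03-01T09:00:00Z auth OK   user=bnguyen src=198.51.100.21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Yield (timestamp, result, user, src) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["result"], m["user"], m["src"]


def find_suspect_logins(log_text, known_sources, fail_threshold=5,
                        window=timedelta(minutes=5)):
    """Return a list of (user, src, reason) for successful logins worth a look.

    Indicators:
    - 'brute_force_then_success': at least fail_threshold failures for the
      same user from the same src within `window`, followed by a success.
    - 'new_source': a success from a src not in known_sources[user].
    known_sources maps user -> set of addresses previously seen for them; in
    practice it is built from historical logs, here the caller supplies it.
    """
    recent_fails = defaultdict(list)  # (user, src) -> [failure timestamps]
    findings = []
    for ts, result, user, src in parse(log_text):
        key = (user, src)
        if result == "FAIL":
            recent_fails[key].append(ts)
            continue
        # Successful login: evaluate both indicators against it.
        fails_in_window = [t for t in recent_fails[key] if ts - t <= window]
        if len(fails_in_window) >= fail_threshold:
            findings.append((user, src, "brute_force_then_success"))
        if src not in known_sources.get(user, set()):
            findings.append((user, src, "new_source"))
        recent_fails[key].clear()  # a success ends the burst being tracked
    return findings


if __name__ == "__main__":
    # Constructed history: jsmith and agarcia normally log in from elsewhere.
    known = {
        "jsmith": {"198.51.100.10"},
        "agarcia": {"198.51.100.30"},
        "bnguyen": {"198.51.100.21"},
    }
    for finding in find_suspect_logins(SAMPLE_LOG, known):
        print(finding)
```

Run against the constructed log, the script reports jsmith's login twice (failure burst and unfamiliar address) and agarcia's login once (unfamiliar address only), while bnguyen's routine login produces nothing. In a real deployment the "known sources" history and the thresholds would come from the organization's own baseline, which is exactly the data a third-party monitoring provider tends to have and a typical business does not.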

Short-term breach mitigation

After detecting and identifying a breach, most IT teams move on to short-term containment, CIO reported. This step normally involves isolating compromised applications or servers – ideally by cutting their network access rather than powering them off, so that memory and other volatile evidence survives – and capturing forensic copies of the affected systems to begin a documented "chain of custody" before anything is changed. IT personnel should then work with external partners to close backdoors and prevent further intrusions.
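What "creating copies to start a chain of custody" looks like in practice is hashing each forensic image at acquisition and recording who handled it and when, so that anyone can later prove the evidence was not altered. The following added example is not code from the original article or from any tool it names; the JSON-lines record layout, the handler names and the stand-in image file are all constructed assumptions. It acquires a (fake) image, logs two custody events, verifies the image, then simulates tampering and shows the verification failing.

```python
"""Preserve evidence with verifiable hashes and a chain-of-custody log.

Added example, not from the original article. The evidence file is a
constructed stand-in for a disk or memory image; the record format is an
assumption, not a legal standard.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so large images are not read into RAM


def sha256_file(path):
    """Return the hex SHA-256 of a file, streamed chunk by chunk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def record_custody(log_path, evidence_path, action, handler, note=""):
    """Append one chain-of-custody entry (who, when, what, hash) as a JSON line."""
    entry = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "evidence": os.path.basename(evidence_path),
        "sha256": sha256_file(evidence_path),
        "size_bytes": os.path.getsize(evidence_path),
        "action": action,
        "handler": handler,
        "note": note,
    }
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry) + "\n")
    return entry


def verify_custody(log_path, evidence_path):
    """Return (ok, issues).

    ok is False if any later entry recorded a different hash than the first
    (acquisition) entry, or if the file on disk no longer matches that hash.
    """
    with open(log_path, encoding="utf-8") as f:
        entries = [json.loads(line) for line in f if line.strip()]
    if not entries:
        return False, ["no custody entries"]
    issues = []
    baseline = entries[0]["sha256"]
    for e in entries[1:]:
        if e["sha256"] != baseline:
            issues.append(f"hash changed at action '{e['action']}' by {e['handler']}")
    if sha256_file(evidence_path) != baseline:
        issues.append("current file hash does not match acquisition hash")
    return not issues, issues


def demo():
    """Acquire -> transfer -> verify, then tamper with the image and verify again."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "srv01-sda.raw")   # hypothetical image name
    log = os.path.join(workdir, "custody.jsonl")
    with open(image, "wb") as f:                      # constructed stand-in image
        f.write(b"\x00" * 4096 + b"constructed image bytes" + os.urandom(4096))
    record_custody(log, image, "acquired", "analyst-a", "imaged from isolated host")
    record_custody(log, image, "transferred", "analyst-b", "moved to evidence store")
    ok_before, _ = verify_custody(log, image)
    with open(image, "r+b") as f:                     # simulate post-acquisition tampering
        f.seek(0)
        f.write(b"\xff")
    ok_after, issues = verify_custody(log, image)
    return ok_before, ok_after, issues


if __name__ == "__main__":
    print(demo())
```

The acquisition hash is the anchor: every later handler re-hashes and appends, so a mismatch pinpoints where in the chain the evidence changed. In real cases the image is taken with a write blocker or from a read-only snapshot, and the custody log itself is stored somewhere the people handling the evidence cannot quietly edit.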

Some data security specialists recommend bringing in new third-party help when networks have been compromised, according to data security software provider Digital Guardian.

“The data breach happened on your current IT provider’s watch, so they have a vested interest in keeping your business, and may not tell you the whole truth,” Stephen Ward, vice president of East Coast operations in the U.S. for the operational risk management firm Pinkerton, told Digital Guardian. “By bringing in an unbiased, third-party specialist, you can discover exactly what has been accessed and compromised, identify what vulnerabilities caused the data breach, and remediate so the issue doesn’t happen again in the future.”

Team-based planning

After containing the immediate damage, stakeholders form a cross-functional response team to deal with the long-term fallout. This group takes on a variety of tasks, from keeping employees informed to analyzing which data was compromised. That analysis is the most important task once the exploited weaknesses have been closed, because the breach's extent determines every step that follows, including who must be notified.

Customer communication

Forty-eight U.S. states, along with Guam, the District of Columbia, Puerto Rico and the Virgin Islands, have data breach notification laws on the books, according to the National Conference of State Legislatures. Generally, these codes, which vary depending on the state, mandate companies notify customers and business partners in the event that their sensitive information is lost in a data breach.

In most cases, such laws cover only personal identifying information, such as bank account and Social Security numbers, the American Bar Association reported. The state of the lost data is another key variable. For instance, 46 states do not require notification if the breached data was encrypted and therefore unusable, an exemption that generally does not apply if the encryption key was taken along with it.

The issue of potential harm is the final consideration. States like Arizona demand companies send notification if the information can hurt customers or business partners.

In addition to notifying the affected parties, breached companies should contact local and federal law enforcement, according to the Federal Trade Commission. Police, or the local FBI office, can assist during the investigation, and most state laws allow notification to be delayed if law enforcement determines that immediate notice would impede a criminal investigation.

Internal legal teams normally draft the breach notification. Although no standard template exists, the ABA recommended giving recipients a high-level description of the incident, outlining the steps the company is taking in response and offering whatever assistance it can.

Health care organizations must meet the stricter requirements of the Health Insurance Portability and Accountability Act's Breach Notification Rule, as strengthened by the Health Information Technology for Economic and Clinical Health Act, according to the Department of Health and Human Services. Covered entities must notify affected individuals without unreasonable delay and within 60 days of discovering the breach, must notify the HHS secretary (within the same 60 days for breaches affecting 500 or more individuals, annually for smaller ones) and, when a breach affects more than 500 residents of a state or jurisdiction, must also notify prominent media outlets. Business associates must report breaches to the covered entity they serve.

Long-term planning

Once a breached business has contained the intrusion and established communication with customers and partners, it must move on to long-term remediation. This planning is essential, as it can prevent similar attacks in the future.

“Companies should make a remediation plan that’s tailored to the incident,” Tatiana Melnik, an attorney specializing in data security, told CIO. “This means that the company must undertake a true and honest assessment of what happened and the cause or causes for the incident. The remediation plan should include addressing any security issues, but also employee training and monitoring programs.”

Indeed these fixes can drastically reduce the likelihood of future breaches and help restore lost trust.

The future of breach mitigation

Innovators in the data security space continue to refine breach mitigation practices to minimize the damage newer, more advanced threats can cause, and technology vendors contribute as well. Many now offer next-generation firewalls that let IT teams inspect encrypted Secure Sockets Layer/Transport Layer Security traffic, including large file transfers, according to SonicWall. Active breach detection systems are also under development, according to the SANS Institute, and may usher in an era of automated threat response in which artificial-intelligence-powered platforms analyze large data sets and flag anomalies such as unusual user behavior.

That future may seem far off. However, now that companies understand the impact of data breaches and other cyberattacks, many embrace innovation in data security. The average data breach cost an organization more than $3.6 million in 2016, according to research from IBM and the Ponemon Institute. With the stakes this high, change is the only option.

UAB’s online MS MIS degree

Are you interested in taking part in this industry-agnostic effort to improve enterprise data protection practices and technology? Consider enrolling in the online Master of Science in Management Information Systems program at the University of Alabama at Birmingham. Here, you can build on your technical knowledge while also obtaining the leadership skills needed to obtain key data security roles such as Chief Technology Officer or IT Security Manager.

The online MS MIS program at UAB features six core courses, including Information Security Management, as well as data security-centered concentration courses such as Attack and Penetration, and Incident Response and Business Continuity.

U.S. News and World Report ranked UAB's Master of Science in Management Information Systems program among the top 20 online graduate computer information technology programs. Additionally, the Department of Homeland Security and the National Security Agency have designated UAB a National Center of Academic Excellence in Information Assurance Research.

Do you want more information about the MS MIS program at UAB? Connect with an enrollment advisor today.

Recommended readings:
Mobile Devices Present Corporate Security Challenges
10 Formidable Corporate Security Risks for 2017

Sources:
1. http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
2. https://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2016.pdf
3. http://www.idtheftcenter.org/2016databreaches.html
4. https://www.sonicwall.com/SonicWall.com/files/96/96655294-bd99-4546-b8f8-8a8fe988d2bb.pdf
5. http://apps.americanbar.org/litigation/committees/criminal/articles/spring2014-0414-practice-tips-mitigating-data-breach-risk-liability.html
6. http://investors.fireeye.com/releasedetail.cfm?ReleaseID=839454
7. https://www.wired.com/brandlab/2015/05/chilling-scenarios-keep-privacy-security-experts-night/
8. http://www.cio.com/article/2692972/data-breach/5-steps-to-take-when-a-data-breach-hits.html
9. http://www.computerweekly.com/opinion/Five-best-practices-for-mitigating-insider-breaches
10. https://cloudacademy.com/blog/data-breach-prevention-mitigation/
11. https://www2.fireeye.com/rs/848-DID-242/images/RPT-M-Trends-2017.pdf
12. https://www.fireeye.com/company/press-releases/2016/fireeye-releases-first-mandiant-mtrends-emea-report.html
13. http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
14. https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business
15. https://businessdegrees.uab.edu/mis-degree-masters/
16. https://businessdegrees.uab.edu/course-descriptions-msmis/
17. https://www.americanbar.org/publications/blt/2011/08/02_raether.html
18. https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
19. https://www.ibm.com/security/infographics/data-breach/