How to respond effectively to data breaches

By April, 2016 Exclusives, ICT

Data breaches are a common hazard in the modern digital world, so CeBIT Australia offers tips and pointers on how to effectively manage such a crisis.

In the ever-increasing list of “worst-ever government data breaches”, we’re lucky we can learn from the mistakes of others. But this shouldn’t make us complacent.

Across the globe, governments and businesses are scrambling to mitigate the damage that could be caused by potential data breaches, and further, legislation being introduced by federal governments is beginning to focus on cybersecurity and reporting requirements in the case of a serious breach

In the UK, companies that have significant breaches can be fined, so there is strong incentive there for businesses to protect their data with some organisations being penalised over AU$350,000 for severe security incidents.

In December last year, the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 was introduced in Australia so that, if passed, private organisations and federal government agencies must notify the Federal Privacy Commissioner and affected individuals in the case of a serious data breach.

So now you know what the penalties are for failing to deal with a data breach, the rest of this post aims to outline some simple standards when it comes to identifying data breaches and acting quickly on them to reduce their financial burden.

Acting quickly on data breaches to reduce financial impact

There is no doubt cybersecurity is a looming concern for both business and the public sector, with the average cost of a significant breach reaching just over $2 million in Australia, and $3.8 million in the US.

The federal government is introducing new initiatives to help allay these very legitimate concerns, with $30 million worth of funding being put into the Cyber Security Growth Centre.

There is still much work to be done in this area though, so it’s important to get a few basics down while waiting for the federal government’s recommendations.

Responding quickly to a breach once detected is undoubtedly crucial for a number of reasons. Firstly, acting quickly may require you to develop reasonable steps to prepare and implement a data breach policy and response plan.

You may have read our previous post on ‘adopting a risk-based approach to cybersecurity’, you can read more about the approach in the post, but it’s important to note that not all data breaches occur from external factors. Internal errors or failure to follow proper procedures may also result in a data leak.

Here it would be important to assess all the risks associated with a breach and create a cybersecurity policy that can handle a variety of situations. For example, in the UK last year, a CD containing data on child benefits claimants was missing, this was described as the largest data breach to occur in the UK. You need to consider all data and the potential damage that could be caused by it’s release.

Standard operating procedures for the first 24 hours

According to the Ponemon Institute’s 2015 study on the Global Cost of Data Breach, notification costs remain low, but costs associated with lost business and failure to manage business continuity are some of the main factors for the rising costs of data breaches.

iTWire recently wrote an article on data breaches and below we’ve outlined the main points.

Diagnose the situation: understanding the scope of the breach is paramount. Are there a number of mobile devices involved? Is it internal or external? Identifying the threat is the first step to being able to respond, or implement automated controls such as remotely deleting data.

Allocate roles: Clear roles need to be set in the case of a breach, and further, clear communication of the breach must be released to relevant stakeholders and parties involved. You may have a tech team to deal with the on-sight situation, but it might also be good to have someone who can communicate the scope of the problem clearly to those who may not have the required technical acuity.

Document: This is an important step in preventing the next breach that could occur. Documenting all details as to why the breach occurred will prevent the same mistake from happening again.

Return to business as usual: Getting back up and running is essential if your data is breached, either internally or externally. Not only will failing to return to business as usual be costly, but it would demonstrate that you don’t have the correct procedures in place to deal with these incidents. It’s important to note that your agency can’t remain fool proof when it comes to cybersecurity, but learning from experiences and adapting after a breach is essential to mitigating the harm caused by these incidents.

If you want to learn more about mitigating cybersecurity risks, register your pass for Cyber Security conference powered by CeBIT Australia today. CeBIT Australia will be taking place on the 2-4 May at Sydney Olympic Park, get your free visitor pass here.

More on CeBIT

From Moscow With Love, Kaspersky finalises move to Zürich

| ICT | No Comments
The great migration, capping off 2020 with a crossborder bang for cybersecurity.

Jump Forward to new podcast series from GovNews!

| ICT, Jump Forward | No Comments
Listen for FREE for our latest talks on the latest issues relating to government.
Cybersecurity firm Kaspersky will open a new Transparency Center in Malaysia inviting governments and companies to inspect source code for greater trust.

Source code inspection means trust in cybersecurity

| ICT | No Comments
Inviting governments to review the nitty gritty.
The argument for getting government to embrace writing in plain English isn’t new, but why is it so hard and is it really ‘dumbing down’?

DTA on writing for everyone

| Education, ICT | No Comments
The argument for getting government to embrace plain English isn’t new, but why is it so hard and is it really ‘dumbing down’?