ASSERT Your Cyber Strength
10 October 2018
Compromised data compromises goodwill. As the public wakes up to how much of its data is in circulation, how long it can be stored and how much value it has, it is rightly demanding that the data be properly secured.
Consequently, a data breach has become one of the biggest threats to an organisation's reputation.
As with other crises, it is not necessarily the data breach that damages reputation but the way in which that breach was managed that can tarnish the reputation long after the facts of the story have been forgotten. Conversely, a well-managed response to a data breach can engender trust and enhance an organisation's reputation.
The focus of any cyber incident response plan should be on protecting individuals and their personal data. To help businesses ASSERT their cyber strength and with it their resilience to a cyber attack and/or data breach, Schillings has devised the following six-point plan.
- Awareness training - Customised awareness training should be put in place along with internal support for your Incident Response Team.
- Simulation - Attacks from ransomware or phishing emails and other sorts of social engineering should all be periodically rehearsed to test infrastructure security as well as your Incident Response Team's ability to react quickly and cohesively.
- Scanning - Your organisation's network and website should be regularly scanned for vulnerabilities, as should the digital footprints of the senior leadership and primary stakeholders.
- Ethical hack - An ethical hack should be commissioned to provide a real-time simulated attack on the company to assist in awareness training and ensure that all the employees appreciate the value of the data they are handling.
- Resilience - An analysis of the risks associated with all the possible sources of attack, from bad leavers to competitors, hacktivists, etc., and how they might be mitigated.
- Team - Your Incident Response Team should be regularly rehearsed and clear in their roles and reporting commitments.
Despite the increasing complexity of some data breaches and the shift in tone of the surrounding media attention, it remains possible to regain the trust of stakeholders if a data breach is well managed. Each case is fact-sensitive and will require a considerable degree of improvisation. As with other business crises, the more that the predictable elements have been anticipated and rehearsed the better able the organisation will be to manage the unpredictable elements.