How to Handle Security Incidents and Data Breaches

Security incidents and data breaches are on the rise.

The Verizon Data Breach Investigations Report (VDBIR) analyzed almost 80,000 security incidents around the world. More than 5,000 of them were classified as confirmed data breaches. Phishing was the leading action in about a third of those breaches, followed by web application attacks and system intrusions. An astounding 85% of breaches involved a human element, whether that is a user clicking on something malicious, compromised credentials, or an insider threat. Ransomware was present in about 13% of breaches.

Read more: 2021’s Most Successful Phishing Ploys (So Far)

Because your organization is so likely to be attacked, preparing a clear-cut security incident response plan is essential. So, what do you do if you suffer a security incident?

What Are Security Incidents?

First, you need to know what an incident is. The VDBIR defines an incident as a security event that compromises the integrity, confidentiality, or availability of an information asset. The report defines a breach as an incident that results in the confirmed disclosure of data to an unauthorized party.

Eleanor Barlow of SecurityHQ offered examples of security incidents such as:

  • Unauthorized access to a system
  • Attempts to gain unauthorized access
  • Malicious disruption or denial of service
  • Unauthorized use of systems
  • Changes to firmware, hardware, or software without consent
  • Accidental breaches, such as emails forwarded to the wrong recipients

Barlow stressed that speed is vital when it comes to breaches or security incident management. Do not waste time hoping the event won’t be serious, or attempting to cover it up. Disclose the incident rapidly, so action can be taken to limit the potential damage.

“The faster a breach is detected, the faster the response, the greater the chance systems and processes can be put in place to mitigate the consequences of the attack, or at least future attacks, and limit the cost and damage involved,” Barlow said.

Create a Security Incident Response Plan

As recently as 2016, 34% of responding U.S. IT professionals said C-level executives are never updated on security incidents. As such, your company may not be adequately prepared to face a breach. However, you can combat this problem by formulating a comprehensive response plan now.

According to Varonis, a data security and analytics company, an incident response plan should cover six phases:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned

The first step to combating a security incident is preparation: writing the triage protocols, assigning roles and contacts, and making sure the logging exists to notice an incident at all. With those in place, your team can act quickly to identify and contain a threat once it appears. Only then can your organization eradicate the threat, recover salvageable data, and restore or rebuild compromised devices. The final step of your plan should be reviewing lessons learned, and implementing new measures to stop the next threat.

Review Varonis’ comprehensive guide for more details on developing a security incident response plan.

Preparing for Security Incidents Is Everyone’s Job

Preparing your organization to spot security incidents before they become breaches is key. This includes the workforce in general; prevention isn’t only up to IT or security threat analysts. When personnel know what to look for in terms of suspicious emails or links, the organization is alerted more rapidly — and your security incident plan is put into action faster.

Read more: You Really Can’t Do Enough Security Training

Take the case of someone in Finance falling for a phishing email. The person’s email account is compromised, and the attackers then use it to send phishing emails to others in the company. Because those messages now come from a trusted internal sender, they are far more convincing than the original lure. If personnel are not well educated, the compromise spreads laterally from mailbox to mailbox, making it harder to stop. But if a vigilant employee flags the suspicious email to IT, then catastrophe can be averted.
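The fan-out in this scenario also leaves a footprint in mail-gateway logs, which is what lets the security team catch it even when nobody reports the email. The following is an added example, not code from the article or from SecurityHQ or Varonis; the log line format, the `example.com` organisation domain, the thresholds, and the sample log lines are all constructed here for illustration.

```python
"""Detect a compromised internal mailbox re-sending one lure URL to many colleagues.

Added illustration; the log format, domain, thresholds and sample data are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"  # assumed organisation domain

# Assumed one-line-per-message gateway format (constructed for this example):
#   <ISO-8601 time> from=<addr> to=<addr> subject="<text>" url=<first URL in body, or ->
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) '
    r'subject="(?P<subject>[^"]*)" url=(?P<url>\S+)$'
)

# Constructed sample: an external lure hits alice, and 40 minutes later her
# mailbox is forwarding the same URL to four colleagues. Other lines are benign noise.
SAMPLE_LOG = """\
2021-06-14T09:02:11 from=ap@invoices-portal.net to=alice@example.com subject="Overdue invoice" url=http://invoices-portal.net/login
2021-06-14T09:15:40 from=frank@example.com to=grace@example.com subject="Q2 deck" url=https://intranet.example.com/q2.pptx
2021-06-14T09:41:03 from=alice@example.com to=bob@example.com subject="FW: Overdue invoice" url=http://invoices-portal.net/login
2021-06-14T09:41:05 from=alice@example.com to=carol@example.com subject="FW: Overdue invoice" url=http://invoices-portal.net/login
2021-06-14T09:41:06 from=alice@example.com to=dave@example.com subject="FW: Overdue invoice" url=http://invoices-portal.net/login
2021-06-14T09:41:08 from=alice@example.com to=erin@example.com subject="FW: Overdue invoice" url=http://invoices-portal.net/login
2021-06-14T09:50:00 from=alice@example.com to=bob@example.com subject="lunch?" url=-
2021-06-14T10:05:22 from=frank@example.com to=bob@example.com subject="useful read" url=https://blog.vendor-news.org/post/42
"""


def parse_log(text):
    """Parse gateway lines into dicts, sorted by time; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def is_internal(addr):
    return addr.rsplit("@", 1)[-1].lower() == INTERNAL_DOMAIN


def is_external_url(url):
    host = urlparse(url).hostname or ""
    return url != "-" and not host.endswith(INTERNAL_DOMAIN)


def find_fanout(events, min_recipients=3, window=timedelta(minutes=15)):
    """Return one finding per (internal sender, external URL) pair that reached at
    least `min_recipients` distinct internal mailboxes within `window`.

    Each finding also records whether the sender *received* that same URL before
    sending it, which points at the lure that likely compromised the mailbox.
    """
    by_key = defaultdict(list)
    for ev in events:
        if is_internal(ev["sender"]) and is_internal(ev["rcpt"]) and is_external_url(ev["url"]):
            by_key[(ev["sender"], ev["url"])].append(ev)

    findings = []
    for (sender, url), sends in by_key.items():
        for i, first in enumerate(sends):  # slide the window over the sender's sends
            rcpts = {e["rcpt"] for e in sends[i:] if e["ts"] - first["ts"] <= window}
            if len(rcpts) >= min_recipients:
                received_first = any(
                    e["rcpt"] == sender and e["url"] == url and e["ts"] < first["ts"]
                    for e in events
                )
                findings.append({
                    "sender": sender,
                    "url": url,
                    "first_seen": first["ts"].isoformat(),
                    "recipients": sorted(rcpts),
                    "received_first": received_first,
                })
                break  # one finding per sender/URL pair is enough for triage
    return findings


if __name__ == "__main__":
    for f in find_fanout(parse_log(SAMPLE_LOG)):
        print(f"{f['first_seen']} {f['sender']} sent {f['url']} to "
              f"{len(f['recipients'])} colleagues; lure received first: {f['received_first']}")
```

Run as a script it reports a single finding: alice’s mailbox sending the invoice-portal URL to four colleagues, with the original lure received beforehand. The window and recipient threshold are deliberately loose for a small sample; a production rule would tune them and exclude known mailing lists and legitimate link-sharing services before alerting.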

Your organization needs to understand its legal obligations as well. Employees can be liable if they knowingly withhold knowledge of a data breach or security incident, and many industries must report breaches, and their extent, to regulators or affected parties within a set time. The stakes are being taken seriously at the highest level: FBI Director Christopher Wray recently compared the current ransomware threat to combating terrorism after September 11, 2001.

Because security incidents are so common, your best defense is preparation. Implement a security incident response plan and educate employees before your organization becomes the next Colonial Pipeline.

Drew Robb
Drew Robb has been writing about IT and engineering for more than 25 years. Originally from Scotland, he now lives in Florida.