How to Mitigate and Manage a Data Breach

  • Jul 12, 2021
  • By Santi Cuellar, Senior Manager of Solution Marketing

There’s No Such Thing as a Minor Data Breach

All data breaches are significant because someone with nefarious means has stolen precious data from you. That data can be proprietary information, internal communications, financial data, or customer information. Nothing can be “100% protected” from a breach, but security technologies continue to evolve and adapt to substantially mitigate these potentially devastating events.

How to Mitigate a Data Breach

Having a defensible security strategy is all about mitigating risk. Some hackers are motivated by a socio-political hacktivist agenda; others are just looking to make money by holding your data hostage until a ransom is paid or selling data on the black market. In all cases, the goal of a sound security methodology is to become a less attractive target by making it very difficult for hackers to breach your network. After all, hackers are criminals, and criminals are always looking for an easier target. And yes, some go after a specific entity, no matter how difficult that network may be to breach. They have been known to be quite persistent.

The following are elements to consider to mitigate a security breach.

  • Patches and Updates
    Software and operating system vendors release updates and patches that address security vulnerabilities. A good security strategy includes a process for installing those patches promptly.
  • Next-Gen Firewall with Unified Threat Management
    Next-generation firewalls are network security devices that provide features and capabilities not found in a traditional firewall. One of these features is Unified Threat Management, which can have multiple security features or services combined into a single device.
  • Intrusion Detection and Intrusion Prevention
    These are security practices that help mitigate data breaches. Intrusion Detection is a reactive approach that identifies a potential attack; Intrusion Prevention is a proactive approach that blocks it. Both are pivotal to a solid security strategy.
  • SIEM/SOC and Event Logs Reviews
    SIEM (Security Incident Event Management) is software designed to collect and analyze security logs. SOCs (Security Operation Centers) are teams of security experts with the technologies and processes to address the security events the SIEM identifies. In many cases, companies outsource one or both of these components. In smaller IT environments, simply reviewing your security logs daily may help you mitigate a potential event.
  • Zero-Trust and MFA
    The digital transformation has enabled widespread acceptance of a Zero-Trust approach to network security. Zero-Trust architectures do not assume that a person sitting behind a corporate firewall is an authorized user. Ever heard of “trust but verify”? Well, this approach is more like “never trust, always verify.” Multi-Factor Authentication (MFA) is one aspect of the Zero-Trust approach to network security.
  • Anti-malware protection
    This is protection against viruses, spyware, adware, ransomware, and more. This functionality can now be found in next-gen firewalls.
  • Remote User and Endpoint Security
    Establishing a remote access VPN allows remotely located users to access corporate computer resources via an encrypted tunnel. Endpoint security is increasingly important in a hybrid work model as it secures all the endpoints, like laptops, cell phones, and tablets that users may have connected to the Internet.
  • PCI Compliance
    If you accept credit card payments, you must ensure that you are meeting PCI requirements. This may involve a penetration scan of your systems and additional security measures for securing credit card data.
  • The Human Firewall
    All the above security layers will help mitigate external attacks, but the human firewall helps mitigate internal attacks. Every security plan needs to include strict guidelines and education for your end-user population.
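The Intrusion Detection and SIEM/event-log bullets above both come down to one habit: look at the authentication logs regularly and notice when one source is hammering your login service. The script below is an added example, not code from the article or its author. It reviews a constructed set of OpenSSH-style syslog lines (sample data, not real traffic), flags any source address that fails to log in five or more times within ten minutes, and raises a higher-priority finding when a successful login follows a burst of failures from the same address, which is the pattern a guessed password leaves behind. The thresholds, the window and the assumed year are all tunable assumptions for a small IT shop; a SIEM does the same thing at scale.

```python
"""Daily review of SSH authentication logs for brute-force patterns.

Added example for the article's log-review advice; not the author's code.
Log lines are constructed in OpenSSH syslog style, thresholds are assumed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (sshd syslog style). Not real data.
SAMPLE_LOG = """\
Jul 12 08:01:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jul 12 08:01:05 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Jul 12 08:01:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Jul 12 08:01:12 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 51050 ssh2
Jul 12 08:01:15 web1 sshd[2109]: Failed password for root from 203.0.113.7 port 51061 ssh2
Jul 12 08:01:20 web1 sshd[2111]: Accepted password for root from 203.0.113.7 port 51070 ssh2
Jul 12 09:30:44 web1 sshd[2350]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jul 12 09:31:02 web1 sshd[2352]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Jul 12 10:15:00 web1 sshd[2400]: Accepted publickey for bob from 192.0.2.9 port 33000 ssh2
"""

# Matches the "Failed/Accepted password|publickey for [invalid user] X from IP" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

FAIL_THRESHOLD = 5            # assumed: failures from one IP inside WINDOW -> alert
SUCCESS_AFTER_MIN = 3         # assumed: failures before a success that make it suspicious
WINDOW = timedelta(minutes=10)
YEAR = 2021                   # syslog lines carry no year; assumed for parsing


def parse_line(line):
    """Return a dict for an auth line we understand, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def review(log_text):
    """Scan a log in time order and return a list of alert dicts."""
    events = [e for e in (parse_line(line) for line in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    alerts = []
    failures = defaultdict(list)   # source IP -> timestamps of recent failures
    for e in events:
        recent = failures[e["ip"]]
        # forget failures that fell out of the sliding window
        recent[:] = [t for t in recent if e["ts"] - t <= WINDOW]
        if e["result"] == "Failed":
            recent.append(e["ts"])
            if len(recent) == FAIL_THRESHOLD:   # alert once when the threshold is hit
                alerts.append({"type": "brute_force", "ip": e["ip"],
                               "user": e["user"], "at": e["ts"]})
        elif len(recent) >= SUCCESS_AFTER_MIN:
            # A success right after a burst of failures from the same source is
            # the finding to act on first: the password may have been guessed.
            alerts.append({"type": "success_after_failures", "ip": e["ip"],
                           "user": e["user"], "at": e["ts"]})
            recent.clear()
    return alerts


if __name__ == "__main__":
    for a in review(SAMPLE_LOG):
        print(f"{a['at']:%H:%M:%S} {a['type']:24} {a['ip']:15} user={a['user']}")
```

Running it on the sample prints two findings for 203.0.113.7: the brute-force alert at 08:01:15 and the success-after-failures alert for root at 08:01:20. Alice's single typo followed by a key login and Bob's clean login produce nothing, which is the point of the `SUCCESS_AFTER_MIN` floor: a daily review only works if the list is short enough to actually read. On a real host you would feed it `/var/log/auth.log` (or the output of `journalctl -u ssh`) instead of the embedded sample.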

How to Manage a Data Breach

When a data breach occurs, you will have to scramble all your fighter jets, and rightfully so. This is probably one of the worst things that can happen to a company. The damages can range from short-term financial recompense to long-term damage to your brand. Having a clearly defined plan can better prepare your company for the turmoil ahead for the following days, weeks, months, and sometimes even years.

  1. Confirm that a breach has occurred.
    Due to the devastating effects of a data breach, the first step is to confirm that a violation has occurred. The last thing you want is to alert customers of a breach that never actually took place. However, time is of the essence in this first step, and it must be executed with the utmost urgency.
  2. Have a remediation process identified
    You cannot wait until a data breach occurs to begin drafting this process. The remediation process must be outlined and executed flawlessly. It should include the following elements at a minimum:
    • Initiate a formal investigation into the source and motive of the breach. Accurate information sharing is critical, so the inquiry must include not only the preventive measure to avoid this happening again, but it should be the source of truth when communicating to stakeholders, authorities, and most importantly, your customers.
    • Over-communicate with internal stakeholders and with the authorities. This is not a time to try and deflect blame or responsibility. The reality is, you can have all the previously mentioned measures in place and still experience a data breach. If you hold back pertinent information from authorities and stakeholders, you will not only hinder efforts to bring those involved to justice but also harm the trust stakeholders have in your company and your ability to manage the crisis.
    • Transparently over-communicate with the impacted individuals. Once the above has been thoroughly achieved, you must notify the affected subjects of the data breach, whether internal employees or external customers or trading partners. The notification should include the remediation plans you acted upon and the measures taken to prevent this particular hack from happening again.

In Closing

2021 is off to a terrible start with regard to high-profile hacks. Couple that with the fact that many companies are undergoing a digital transformation to enable a better integrated and unified hybrid experience, and it is no surprise that there seems to be a rise in data breaches. As companies complete their digital transformation journey, having a solid security strategy will help mitigate breaches during this transitional period.

About the Author

Santi Cuellar is a high-spirited business professional with over 25 years of experience in Information technology and business solutions, technical sales, and sales training, emphasizing vital strategic planning and sales management. He has extensive experience training and coaching individuals from diverse backgrounds on technical concepts and has recently added solution marketing to his curriculum vitae.