Breach Management

Breach Management: Best Practices and Policies


Cybercrime puts any business at risk—more so now than ever before, as the recent Target and Sony attacks emphasize. Cybercriminals are constantly working to find devious ways to destroy brands, disrupt operations, and steal information. Breach management policies are the key to addressing these growing cybercrime risks. The two concepts that business leaders must consider while developing breach management policies are business resilience and risk management.

Business resilience is a developing concept in business continuity that goes beyond disaster recovery. Applied to cybercrime, it means enacting policies that let the organization detect, fight, and manage attacks and information security breaches, and choosing technologies, processes, and people that can adapt as threats change. All of these measures are needed to protect brand equity through and after a breach.

In the breach management and security area, best practices can change significantly as technology advances. Analysis of risk management, due care, and due diligence demands a mastery of four areas. We can summarize these as Actor, Target, Effect, and Practice, or ATEP:

  • Actor – who may target your business

  • Target – what data they are hoping to steal

  • Effect – all possible consequences

  • Practice – the techniques used to commit cybercrimes

Actors: Who Gains from Security Breaches?

An important Internet security trend is the rising number of attacks from hacker groups that are connected to and backed by governments. The Guardians of Peace (GOP), responsible for the Sony hack, are a good example of this newer kind of group. These state-sponsored groups, often described as “hacktivists,” use many of the same techniques as traditional hackers (data destruction, data leaks, malware, and website defacement) but with the resources of a sponsoring nation behind them. Warning signs that such a group has taken an interest in your company include chatter about hacking you on social media, threats regarding stolen information, and attempted denial-of-service attacks.

To improve security, management must understand the motives of potential attackers and prepare for the attacks those motives predict. Managers can do this by:

  • Implementing strong anti-phishing technologies and malware protection

  • Gaining insight into all geopolitical and social effects of a company’s actions

  • Planning and training for the brand equity, cyber security, public relations, and technical impacts of an attack

  • Identifying all potentially valuable corporate data from the perspective of hacktivists and the nations that support them

Targets: Employee Data, IP, Documents and Email

Corporate leadership should pay attention to hackers’ targets. What do attackers and hacktivists want from your company? Financial information is an obvious risk, but intellectual property, internal company documents, medical records (for healthcare providers and insurers), customer data, and private employee information such as bank account details and Social Security numbers are all prime targets.

Breach management countermeasures include studying similar businesses to learn which data attackers in your sector go after, and avoiding any accumulation of data the business does not need: data you never collect or retain cannot be stolen. Classify all retained data according to business need and risk exposure, and train employees to apply that classification correctly. Employee personal information, intellectual property, and medical records belong in the highest classification, since a breach in these areas carries the greatest exposure.

Effects: What Will Happen if You Experience a Breach?

Leaked and stolen data cause downtime, damage to your brand, and financial loss. Early warning signs include spikes in the volume of data being read, unexpected changes to system files, and unusual traffic on the network, especially around authentication: bursts of failed logins, or logins at odd hours or from unfamiliar addresses. Effective countermeasures include two-factor authentication, frequent and tested backups, encryption of data at rest and in transit, and network traffic monitoring. Your company should also have a Breach Response Plan (BRP), covering notification and communications, that is separate from the technical Incident Response Plan (IRP).
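Two of the warning signs above, a burst of failed authentications followed by a success and a spike in read volume against a user's own baseline, can be checked mechanically. The following is an added example written for this page, not code from the original article; it runs over constructed log lines in an assumed `ts sshd auth=... user=... src=...` format and constructed hourly byte counts, and the thresholds (10 failures per 60 seconds, 3 standard deviations above the baseline) are illustrative choices to be tuned per environment.

```python
"""Detect two breach indicators over constructed logs: an authentication burst
and a read-volume spike. Example code written for this page; the log format,
sample data and thresholds are assumptions, not the article's own material."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Assumed syslog-like authentication line format (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd auth=(?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: normal daytime activity plus a night-time burst of root
# failures from one address, followed by a success from that same address.
SAMPLE_AUTH = [
    "2024-05-01T09:00:01 sshd auth=failure user=alice src=10.0.0.5",
    "2024-05-01T09:00:03 sshd auth=success user=alice src=10.0.0.5",
    "2024-05-01T09:01:10 sshd auth=failure user=bob src=10.0.0.9",
    "2024-05-01T09:01:12 sshd auth=success user=bob src=10.0.0.9",
    "2024-05-01T09:05:00 sshd auth=success user=svc-backup src=10.0.0.20",
] + [
    f"2024-05-01T02:14:{s:02d} sshd auth=failure user=root src=203.0.113.7"
    for s in range(30)
] + ["2024-05-01T02:14:35 sshd auth=success user=root src=203.0.113.7"]

# Constructed bytes-read-per-hour series per user: eight baseline hours, then
# the current hour. bob's current hour is ~90x his normal volume.
READ_HISTORY = {
    "alice": [4_000_000, 4_200_000, 3_900_000, 4_100_000,
              4_000_000, 4_300_000, 3_800_000, 4_100_000, 4_200_000],
    "svc-backup": [50_000_000] * 8 + [52_000_000],
    "bob": [2_000_000, 2_100_000, 1_900_000, 2_000_000,
            2_200_000, 2_000_000, 1_900_000, 2_100_000, 180_000_000],
}


def parse_auth_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def auth_alerts(lines, window=timedelta(seconds=60), max_failures=10):
    """Flag a source once its failures inside a sliding window reach max_failures,
    and flag every later success from a flagged source (a burst that 'worked')."""
    events = sorted(filter(None, map(parse_auth_line, lines)), key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)  # src -> timestamps inside the window
    flagged = set()
    alerts = []
    for e in events:
        src = e["src"]
        if e["result"] == "failure":
            q = recent_failures[src]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:  # expire old failures
                q.popleft()
            if len(q) >= max_failures and src not in flagged:
                flagged.add(src)
                alerts.append(("auth_burst", src, len(q)))
        elif src in flagged:
            alerts.append(("success_after_burst", src, e["user"]))
    return alerts


def read_volume_alerts(hourly_reads, min_history=5, k=3.0):
    """Flag users whose latest hour exceeds mean + k*stdev of their prior hours.
    The stdev is floored at 10% of the mean so a perfectly flat baseline (e.g. a
    backup account) still leaves room for ordinary variation."""
    alerts = []
    for user, series in hourly_reads.items():
        history, latest = series[:-1], series[-1]
        if len(history) < min_history:
            continue  # not enough baseline to judge
        mu = mean(history)
        sigma = max(pstdev(history), 0.1 * mu)
        threshold = mu + k * sigma
        if latest > threshold:
            alerts.append(("read_spike", user, latest, round(threshold)))
    return alerts


if __name__ == "__main__":
    for alert in auth_alerts(SAMPLE_AUTH) + read_volume_alerts(READ_HISTORY):
        print(alert)
```

Both detectors keep per-entity state (per source address, per user) rather than a single global threshold, which is what stops a busy backup account from drowning out a small user whose reads suddenly jump. In production the same logic would read from the SIEM or authentication log stream instead of the embedded lists.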

Practice: Long-term Breach Management

The main struggle for companies dealing with cyber security is making data accessible to those who need it while keeping it secure from everyone else. Attackers who gain a foothold seek freedom of movement and escalation of privileges, so access should follow the principle of least privilege: each user and system gets only what its role requires, which limits how far an intruder can travel from the point of entry. Risk assessments informed by the principles of business resilience are a good start, because not all attacks can be prevented. Internal audit reports and other risk management reporting should feed directly into the company’s overall strategy and planning.

These breach management best practices will help your company minimize its exposure to fraud, theft, and other IT security issues. A business resilience plan that pairs prevention with the ability to detect and respond to the attacks that get through will serve your company far better than one that relies on prevention alone.