Stealing credit card and financial data is a profitable business. Everyone has seen headlines about breaches at Sony, Target, USPS, and JPMorgan. With JPMorgan Chase, personal information for 83 million customers was stolen. The recent attack at Sony Pictures is a stark reminder that the theft of IP is a real possibility — and the recent FireEye FIN4 report characterizes activities of a group that has been infiltrating Wall Street to steal confidential information on business deals and financial markets.
Once you assume that your enterprise will be breached despite even the strongest security team and the best defenses: it’s time to get ready. Here are five tips on how to prepare for a data breach.
1. HAVE A STRONG INCIDENT RESPONSE PLAN
It’s important to create an incident response plan in advance, before a breach occurs. It cannot be an afterthought. Your organization will need a command center, established decision makers, and powerful investigative tools. You’ll need data to do the forensic analysis—so you should be collecting network traffic data now, in advance. And key to your brand and reputation is: what is your communication plan? Who do you need to notify? What will you tell board members? What will you tell customers?
2. ERADICATE COMPLACENCY
The military uses war gaming techniques to prepare for battle, and many corporations use dry-runs to improve skills. Adopt these approaches. Simulate cyber attacks to find holes in your incident response. You shouldn’t be executing your plan for the first time when your business is under attack. And while you may not be able to prevent all breaches, you should be diligent in your efforts to reduce the human errors that make it easier for cybercriminals to gain access. Make sure your security patch management is a well-oiled machine, and that your process for cutting off lost employee devices is swift and immediate. One way criminals skirt defenses today is to steal an employee’s credentials via a sophisticated spear phishing attack. The time may have come to adopt two-factor authentication to mitigate the impact of stolen password credentials.
Read the complete article (and all 5 tips for preparing for data breaches) at Wall Street & Technology.
Claire Giordano is Senior Director of Emerging Storage Markets at Quantum, focused on cybersecurity, geospatial, and other demanding government workflows. Ms. Giordano has over 20 years of experience in product management and engineering, and earned an Sc.B. degree from Brown ... View Full Bio