Incident response and how to manage security breaches effectively

Reducing detection and reaction time are critical to business resilience in the modern era.

However, detection can be broken down further into proactive and reactive detection, with proactive detection being much more important and effective when it comes to security breaches.

Wherever possible we need to be detecting the warning signs and irregular behaviour before the security breach happens and shutting it down or at the very least mitigating it. There are new technologies using the latest in AI and machine learning that constantly monitor the sharing of files and information and alerts business users if anything looks suspicious.

Reaction time is entirely post breach and can be minimised by having the right processes and protocols already in place. Have the right training, people and processes ready, skilled and resourced. GDPR requires there to be a Data Protection Officer for example so ensure they have all the tools and training they need to react quickly and effectively.

Creating your incident response protocol

The number one aim for your incident response protocol is to minimise the potential damage from a security breach. Identify exactly what information has been breached, who has got hold of it (this isn’t easy as it can spread and change quickly), and what’s the worst outcome of that information being breached.

For example if it’s R&D data, what could be the value of it. If it’s personal data, it will be a GDPR issue. In the majority of cases the best practice is to alert the authorities and parties involved as soon as possible to minimise the impact and potential penalties.

Damage control: containing the impact on the brand and business

With so many security breaches now occurring, the potential damage to a brand in the event of a security breach is actually less than it was before. It does depend on the type and size of business however. If a large security firm or data specialist suffers a breach then their brand will be impacted far more than say an SME.

It’s important to remember that less than half of security breaches are from external sources. The majority are internal staff sharing or having access to the wrong information either maliciously or accidentally. In fact 27 percent of data breaches are caused by human error (IBM).

These breaches are often on a smaller scale but the frequency is much higher. The answer is better security and the right communication and training but equally there needs to be a cultural change away from information security being the sole responsibility of a centric IT team.

Info security needs to engage all business users and become everybody’s problem and responsibility. All staff need to be made aware of how to handle information safely and securely, how to spot incidents and what to do in the event of a breach.

Fortunately there are solutions such as Torsion that do a lot of the monitoring and detection in the background but it supports individual users and information owners directly.

By Peter Bradley, CEO at Torsion Information Security