Cyber Resilience: How to Respond to a Data Breach

Cyber Resilience: How to Respond to a Data Breach

Every enterprise wants to know how to prevent a data breach. After all, the earliest cybersecurity models emphasized blocking digital threats from entering the IT environment. However, as hackers developed more penetrative and elusive threats, this model no longer offers sufficient digital protections.

Instead, cybersecurity—endpoint security in particular—evolved into a detection and response model. This model can uncover dwelling threats in the darkest network areas, remediate detected threats, and close security vulnerabilities as discovered. To facilitate this new era of cybersecurity, your enterprise has to learn more than how to prevent a breach. Instead, it must learn how to respond to a data breach.       

To respond to a data breach requires both preparation and strong detection, which next-generation endpoint security can provide. Here’s how:

Why You Must Prepare to Respond to a Data Breach

Hackers will target your enterprise for a cyber attack. Unfortunately, it is only a matter of time— a “when” and not an “if.” This applies to every enterprise in every possible vertical—energy, government, financial, retail, etc—and of every size.  

Recently, endpoint security providers provided some statistics to establish context on these cyber threats:

  • According to Carbon Black, 70% of all attacks attempt some kind of lateral movement. In other words, an attack in one of your network areas could result in another.
  • 31% of attack victims suffer a destructive attack, which aims to damage the IT infrastructure.
  • In a different Carbon Black report, 32% of surveyed businesses suffered an attack which began with a supply chain partner. Put another way, even an attack outside your network can cause your business harm.
  • According to Trend Micro, phishing attacks constitute 87% of high-risk email threats in 2018.
  • In a third Carbon Black study, hackers attempt approximately 1 million cyber attacks occur daily.      

Each cyber attack could prove extremely devastating to your enterprise’s reputation and long-term profitability. Whether the damage proves destructive or vexing depends on whether your enterprise prepares to respond to a data breach.

For many enterprises, this itself can prove a struggle. According to Lexington Law, 66% of Americans reported not knowing what to do during a data breach. These individuals don’t exist in the abstract. They constitute your employees, third-parties, and other users. If they don’t know what to do, your users tend to do nothing—which gives hackers a significant advantage in time and resources.

To Respond to a Data Breach, Move Beyond Prevention

To best respond to a data breach, your business must add new layers to its cybersecurity posture and endpoint security. In turn, this means deploying a next-generation endpoint security solution which can offer more than simple prevention.

While next-generation antivirus significantly contributes to your overall digital perimeter, it can’t optimally operate in a vacuum. In fact, next-gen antivirus only works when paired with other next-generation capabilities. These include:

  • Data Loss Prevention.
  • Port Control.
  • Application Control.
  • Next-Generation Firewalls.

However, to better respond to a data breach, you need to incorporate strong endpoint detection and response (EDR) capabilities. EDR allows your enterprise to discern threats which eluded your preventative capabilities. It can detect security events and create alerts for your security team in real-time for investigation.

With EDR, your endpoint security no longer depends on simply hoping the threats stay out. Instead, your enterprises can proactively respond to a data breach and remedy the threat before it enacts real damage.

Proper Incident Response Plans

Of course, part of the issue with responding to a data breach in your enterprise is knowing what you need to do. By extension, this means every employee and user needs to know how to respond to a potential data breach or cyber attack.

To achieve this, your enterprise must provide your employees with proper cybersecurity education and training. Training should continue on a regular basis and should focus on engagement and absorption. Cybersecurity education doesn’t need to take long; 15 minutes sessions a few times a month can provide all of the necessary best practices.

Cybersecurity training can help employees identify threats in real-time. However, it can’t assist them in knowing what to do during a cyber attack. Only an incident response plan can do that.

An incident response plan details how your enterprise plans to process communications and remediation during a data breach. It should outline the chain of command during the security event, describe who informs which departments when, and what employees should do.

For example, which members of your threat hunting team will handle remediation? Who will inform your PR department to write up a press release on the breach? Who sounds the all clear? All of these questions should be addressed and answered in your incident response plan.

Of course, no incident response plan functions without the involvement of your employees. Your enterprise should run drills with the regularity of fire drills (possibly more regularly) to ensure your employees know how to respond to a data breach. Additionally, this allows your IT team to examine the incident response plan; they can identify potential problem areas or inefficiencies and correct them.                    

Take Responsibility

If we could direct you to absorb any principle from this article, we would emphasize “you must take responsibility for your own cybersecurity.” How you choose to respond to a data breach depends entirely on your choices and your solution.

This principle applies even if you incorporate cloud servers and providers in your IT infrastructure. Cloud providers do not have an obligation to protect your assets on their databases; even in shared responsibility models, your enterprise must take on some of the InfoSec burdens.

Therefore, your endpoint security digital perimeter must include your cloud environments, keeping hackers from penetrating them. On the other hand, in preparing to respond to a data breach, you need to account for the cloud as well.

Usually, this involves ensuring you know all of the locations of your IT environment and preparation to adequately respond to a data breach anywhere. For example, you can work with your next-gen endpoint security to generate alerts for suspicious cloud activity.

You need endpoint security to respond to a data breach. But you also need the right attitude and training. Don’t neglect one for the other.

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me