Security+ Web Version 2016 | Page 11

Response
Incident response is critical to protecting confidential and EU citizen data. In addition to the mandatory data breach notification requirement, organisations must also ensure they have implemented an effective incident response plan. This plan must have been tested to ensure that employees involved in a data breach response are familiar with, and fully understand, the new legislation and the communication process for reporting a breach.
Recovery
In the aftermath of a data breach, businesses must ensure they maintain ongoing communication with the relevant authorities. This will ensure secondary loss factors are managed and that affected data subjects are kept regularly informed.
Data protection and the safeguarding of EU citizen data has always been an important requirement for organisations, and the impending GDPR places even greater emphasis on the value of this data. It is therefore more important than ever for organisations to fully understand their role and apply the appropriate security controls that allow them to identify and protect this data. Having an established data breach plan in place will then help organisations become familiar with the detection, response and recovery phases, so that they limit the effect of an attack and have the relevant people, processes and technology in place to deal with this new legal requirement on an ongoing basis.
For more information, you can view our video on the Insider Threat at www.securityplusonline.co.uk
The almost endless stream of high-end data breaches affecting some of the world's biggest organisations in the last 18 months highlights the fact that no business is safe from being hacked. From the massive data breach suffered by Target to the high-profile leak of Ashley Madison members' details, it's clear that every business has to be aware of the latest threats they face from cybercriminals.
We are seeing a surprising shift to attack activity on commercial targets that exhibits characteristics typically observed in nation-state related attacks, which aim to disturb economies, disrupt consumer confidence and drive political agendas. For example, health insurance provider Anthem found its name making headlines for all the wrong reasons after cybercriminals stole information on tens of millions of its customers.
Attackers are increasingly going out of their way to disguise their origins, methods and sources to gain access to their desired data. The most popular methods observed are:
Breaking the chain of traceability through the use of the free software TOR (The Onion Router), which hides location and browsing information.
Using compromised websites that have been registered by an unrelated third party.
Using hosting providers that refuse to cooperate with abuse notifications or law enforcement requests.
Creating a complex series of redirect chains, which function for a single use only.
Recycling code, meaning it's unlikely that the attacker is the author, or inserting misleading strings, web addresses and code paths into malicious binary files.
Obscuring DNS paths by using frequently changing IP addresses.
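The last method in the list, rapidly rotating the IP addresses behind a domain, is one that a defender can look for in their own resolver logs. The following script is an added example, not code from the article or from Forcepoint: it parses a handful of constructed DNS resolution log lines (the format, the hostnames and the IP addresses are all assumptions made for this illustration) and flags names whose answers churn across many addresses and several /24 prefixes within a short window, which is the characteristic signature of a fast-flux set-up rather than of a normal load-balanced site.

```python
"""Flag domains whose resolved IP addresses churn rapidly (fast-flux style).

Added example for illustration; the log format, hostnames and addresses
below are constructed, not taken from any real incident.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed resolver log: "<ISO timestamp> <query name> <answer IPv4>".
# cdn.example.org behaves like an ordinary site with two addresses in one /24;
# updates.example.net rotates through seven addresses in three /24s in 15 minutes.
SAMPLE_LOG = """\
2016-03-01T10:00:00 cdn.example.org 93.184.216.34
2016-03-01T10:05:00 cdn.example.org 93.184.216.34
2016-03-01T10:10:00 cdn.example.org 93.184.216.35
2016-03-01T10:00:10 updates.example.net 198.51.100.7
2016-03-01T10:02:30 updates.example.net 203.0.113.44
2016-03-01T10:04:50 updates.example.net 192.0.2.118
2016-03-01T10:07:15 updates.example.net 198.51.100.201
2016-03-01T10:09:40 updates.example.net 203.0.113.9
2016-03-01T10:12:05 updates.example.net 192.0.2.250
2016-03-01T10:14:20 updates.example.net 198.51.100.77
"""


def parse_log(text):
    """Parse '<timestamp> <name> <ip>' lines into (datetime, name, ip) records, sorted by time."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, name, ip = line.split()
        records.append((datetime.fromisoformat(ts), name.lower(), ipaddress.ip_address(ip)))
    records.sort(key=lambda r: r[0])
    return records


def summarise(records, window):
    """Per name, count distinct IPs, distinct /24 prefixes and answer changes
    within `window` of that name's first observation."""
    by_name = defaultdict(list)
    for ts, name, ip in records:
        by_name[name].append((ts, ip))
    summary = {}
    for name, answers in by_name.items():
        start = answers[0][0]
        in_window = [(ts, ip) for ts, ip in answers if ts - start <= window]
        ips = {ip for _, ip in in_window}
        # Collapse each IPv4 answer to its /24 so a single hosting block counts once.
        prefixes = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips if ip.version == 4}
        # Number of times the answer differed from the previous one for this name.
        changes = sum(1 for (_, a), (_, b) in zip(in_window, in_window[1:]) if a != b)
        summary[name] = {
            "observations": len(in_window),
            "distinct_ips": len(ips),
            "distinct_prefixes": len(prefixes),
            "changes": changes,
        }
    return summary


def flag_fast_flux(text, min_distinct_ips=5, min_prefixes=2, window_minutes=60):
    """Return the names whose answers spread over at least `min_distinct_ips`
    addresses and `min_prefixes` /24s inside the window: candidates for review."""
    summary = summarise(parse_log(text), timedelta(minutes=window_minutes))
    return sorted(
        name for name, s in summary.items()
        if s["distinct_ips"] >= min_distinct_ips and s["distinct_prefixes"] >= min_prefixes
    )


if __name__ == "__main__":
    for name, stats in summarise(parse_log(SAMPLE_LOG), timedelta(minutes=60)).items():
        print(name, stats)
    print("candidates:", flag_fast_flux(SAMPLE_LOG))
```

The thresholds are deliberately conservative and will still need tuning against a baseline of your own traffic: CDNs and round-robin load balancers legitimately return several addresses, usually from one or two provider ranges, so the prefix count matters as much as the raw address count. Treat a hit as a triage signal to be correlated with other evidence, not as a verdict.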
The natural reaction for many businesses in the wake of an attack is to seek out who has gone to such huge effort to attack them on such a scale. However, it is particularly difficult to assign attribution correctly, given the ease with which hackers can spoof information, circumvent logging and tracking, or otherwise remain anonymous, as outlined earlier.
Rather than being fixated on chasing down the hacker, companies should instead be focusing their attention on the tools, techniques and procedures (TTP) of their adversary. This gives businesses a better chance of defeating the next attack, or the next attacker, that uses a combination of the same TTP, especially as malware authors share TTP. Businesses that suspect they are dealing with a nation-state attack could in fact be dealing with a much more junior attacker who has simply acquired tools previously used by nation-state actors.
Improving security defences, learning from previous failures and addressing possible future attacks has to be a high priority, taken up appropriately by the IT team while working with professional investigators who have the necessary skills and resources.
Businesses should focus on a forensic investigation that profiles the attacker, but only to the extent of understanding their intent and techniques. They can then adjust their defences and processes to maintain an adaptive security approach.
Striking the right balance between these priorities will maximise IT's contribution to the organisation and ensure the business is appropriately prepared for future attacks. Businesses must ensure they do not get distracted by chasing attribution breadcrumbs, but instead focus their limited resources on threat prevention and remediation.
Learn more about advanced data security and protection from Forcepoint at www.securityplusonline.co.uk/forcepoint