How important is it to *plan for a security breach?

• You don’t want your first time fighting a security breach to be when it’s actually happening when you’re under stress and everything is on the line.
• Several things need to be planned in advance. How do you know a breach is actually happening? Who are the first people who need to be made aware? What’s the proper triage response?

When do you spread the news about an attack? And how do you do it?

• Compare a ransomware attack to a police investigation. Not all of the information is known right away. If you say too much about what’s happening, and to the wrong people, it could do more harm than good.
• Be transparent and clear to the people who DO need to know.
• “Don’t say anything you wouldn’t stake your job on, because you might have to.”
• Find the balance. Divulge information that could help customers who may be impacted by the breach.

A real-world example of what to do during a breach?

• Under Armour: My Fitness Pal phone app was hacked, hitting 150 million users. Passwords were stolen. The company stood with corporate values – they wanted to be transparent. Responded to breach in four days. Under Armour stayed focused on the customer, and coordinated quickly internally. The well-oiled decision-making process allowed them to respond so quickly with minimal collateral damage.

What can companies proactively put in place to help mitigate a cyberattack?

• Breaking attacks down into categories related to severity, and giving your company the ability to see what those attacks look like. That way, they’re easier to spot – AND the decision-making process is expedited.
• Make sure you have visibility into your network, so you can see who is doing what where, why and how. And don’t forget about your remote partners when it comes to this point.

The post Pros Explain How To Recover From A Security Breach appeared first on 6th Street Consulting.