“Our data has been compromised” are the last words that any of us wants to hear. At a cost of approximately $200 per compromised file and $20,000 per day in cleanup costs, the CISO’s job is constantly at risk, bringing about many sleepless nights.
Security expert Ondrej Krehel believes that data breaches encompass a wide spectrum and that there are two specific data issues that are most troublesome for the CISO. In a recent Forbes article, these issues were identified as follows:
Who discovers the data breach?
The first concern is the person who is delivering the news about the data breach. The majority of companies learn of their data breach from an outside source, Krehel explained. “The company is either unable to detect the breach on its own, or the security tools aren’t doing their job,” he said.
How do we handle the data breach?
The second concern is cyber intelligence. “When a breach happens, your main goal is to get rid of the enemy who has entered your network,” Krehel said. Most companies have the cyber security tools and technology supposed to prevent a breach, but too many don’t have the cyber intelligence necessary to respond to the emergency.
What will help CISOs sleep better? Krehel thinks most CISOs want better overall cyber security education and, specifically, threat response training among the staff. Creating attack/response scenarios and running drills on how to handle each situation can accomplish this. In addition, the CISO needs to develop a solid threat response plan that is updated regularly and shared across all areas of the company. Also, every employee should understand the consequences of a data breach and why it is important to immediately communicate any suspicious incidents as soon as possible.
A data breach can happen at any time, to any company, no matter how much preparation is done beforehand. However, with planning, education, and incident-response training, CISOs can create an action plan to keep a data breach from becoming their worst nightmare.
For more information on proper data breach intervention, see full Forbes article.
APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.