When data breach becomes reality

What’s most likely to give CIOs and CISOs cold sweats? It’s no secret to anyone – the dreaded data breach. There are many reasons why – from data and reputation loss to customer mistrust and financial damage. Not to mention compliance fines.

It is good practice to test the security measures you have in place before theft happens. Some companies choose either their own or outsourced specialist security teams to stage a data breach and put their systems to the test. It can strengthen your security shield and make you more resilient. Yet the key question is: how do you address a data breach if it happens for real?

The answer is: Don’t panic. But do act fast.

Curb the threat surface 

When a breach happens, the priority is to find the backdoor and shut it. Once the primary entrance to your system is secured, you must move quickly to contain the damage and make sure it does not spread to additional enterprise devices and systems.

Yes, companies tend to panic and shut down the whole infrastructure after a breach. However, just because cybercriminals have intruded into your system, you do not have to shut down your entire system. Technologies like dynamic isolation and micro-segmentation can enable tech specialists to contain the threat surface while keeping operations running.

One solution is to deploy end-to-end encryption, which secures your data and makes it unreadable to uninvited guests. The surge in breach complexity, the ‘bring your own device’ trend and compliance regulations are driving encryption adoption. According to the 2020 Global Encryption Trends Study, 48% of respondents say their organization has an overall encryption plan applied consistently across the enterprise, with a further 39% having a limited plan.

Measure and target – how prioritisation can save a company’s assets

To see the size of the breach, it is important to go through all data, devices and systems with a fine-tooth comb and figure out which were impacted. This step will help you examine how they were affected, which ones will need to be reconfigured and whether the breach will affect your customers.

Cybersecurity and data forensics teams can help determine the scope and source of a breach. Advanced security visibility technology also can help pinpoint the cause of such situations.

The right tools will show which customers were affected, so that you can set up a step-by-step plan for how to respond and attend to the most valuable assets and customers first.

Alert everyone who was impacted

Do not let the situation slip to the point where customers start contacting you first. Not only will that affect your relationship with current customers, it will also have a long-lasting effect on your business reputation. Work quickly to contain the breach and alert those impacted by it as soon as possible.

If you haven’t thought of it before, now is the right time to think about a crisis communications plan. It will allow you to get one step ahead of the breach situation and leave you fewer details to think about in the moment. A general layout of what has to be said to whom will give a jump-start to successful post-breach communications. Be brief, direct and factual in sharing the details with impacted parties.

It is worth mentioning that you should always be aware of the regulatory requirements under which your company operates. The General Data Protection Regulation (GDPR), for example, dictates that businesses must notify those impacted by personal data breaches within 72 hours of becoming aware of the security event.

File, summarise and stay alert for future events

Everyone knows – responding to a breach can be tricky. Yes, it is a dangerous situation which puts your reputation on the line, but it can also be a good way to practise resilience and test how prepared your business is.

That’s why it is important to file and summarise how the event happened, so that the organisation has an audit trail. For example, there is software which notifies you if there is an attempt to breach the organisation. Such notifications can be kept on record and shared with relevant security teams.

No one is immune to data breaches. Not all cybercriminals pick and choose whom to breach; some target any company they can in the hope that there will be weak security measures in place. Others come prepared and use highly sophisticated techniques to obtain access to the company’s assets. Those who prepare in advance suffer the least.

Implementing identity-based management solutions and multi-factor authentication keeps cybercriminals from your precious assets. In addition, encryption and robust key management prevent them from accessing and unlocking the data they should not see.
