Effective Response Plan Key to Surviving a Data Breach
The Office of Personnel Management's continuing struggle after records on 21.5 million people were compromised shows just how important an effective emergency response plan is for any organization with valuable digital assets. From preparedness through notification, Global Digital Forensics offers solutions to help businesses navigate a data breach from A to Z.
An article published in BankInfoSecurity on Thursday, July 16, highlighted the headache the Office of Personnel Management (OPM) is now going through in its efforts to notify the more than 20 million people who were affected by two massive data breaches. While numbers that size are not typical, any business plugged into the digital world is susceptible to a data breach and needs to have an effective emergency response plan in place should the unthinkable happen.
Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions and digital forensics services headquartered in New York City, has been on the responding end of these types of emergencies many times, and has seen repeatedly just how costly and destructive a successful breach can be to all kinds of organizations. “Without a well thought out plan in place before an attack occurs, the chances of coming through it in one piece are not favorable at all, especially for small to medium sized businesses that don’t have the deep pockets and resources which are available to the larger type corporations or government agencies. But things are far from hopeless, there are things that can be done to significantly increase an organization’s chances of being able to weather the storm, but waiting to implement them will often prove too much to overcome.”
Before a breach
“We start with a thorough cyber threat assessment which takes into account a client’s unique needs, digital architecture and data work flow, reviewing policies and procedures, and helping them strengthen them, or create them from scratch if none are present,” says Caruso. “The threat vectors that are problematic for one industry or organization may not be a high priority for another. Our broad expertise lets us tailor the assessment to illuminate the right problem areas for any client.”
“Next is our comprehensive penetration testing,” continues Caruso, “which is basically us taking the role of real-world hackers and trying to infiltrate the network using a wide variety of tools and techniques, from social engineering strategies, to sophisticated phishing and spear phishing campaigns. We have many tradecraft tricks up our sleeves, just like real hackers do, and so far we have never failed to compromise our target. Our successes will only help to spotlight weakness in the client’s cyber security posture so they can be significantly improved, but a real hacker’s success could cost the client everything.”
After a breach
“Emergency incident response is next on tap, and is probably the most vital piece of the data breach puzzle,” says Caruso. “Our extensive experience in network forensics and security, as well as our ‘No Retainer Policy’, make it both cost-effective and simple to ensure your organization has a response team standing by to handle the problem, mitigate the damage and ensure regulatory compliance, all with absolutely no downside or unnecessary expenses. It just doesn’t get any easier than that to have professional, experienced assistance you can rely on in the event the unthinkable happens. Experienced emergency responders can also help businesses avoid the extremely costly pitfalls of ‘over-notification’ by helping to quickly determine exactly which records were compromised and exactly who should be notified about the event, because as with most things in life, unnecessary excess typically doesn’t lead to a happy ending.”
“We will also work with the client, if necessary, to help them identify an internal CISO (Chief Information Security Officer). In today’s digital age, it is imperative to fill this role,” warns Caruso, “either internally, or with a competent and knowledgeable outside vendor. We will also help create an escalation matrix of responsibilities, procedures and emergency guidelines to ensure the right steps to be followed and maintained going forward are clearly spelled out.”
To survive and thrive in the digital arena and reduce the potentially debilitating impact of successful cyber intrusions and data breaches, the decision to take control of cyber security responsibilities and emergency incident response is both crucial and necessary. So don’t wait until it’s too late to get started, call Global Digital Forensics today.
The right solutions at the right price
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our data breach response page.