Data Breach Preparation, Response and Recovery

Data breaches are a reality in today’s business world. Having a plan to respond to and recover from a security breach is essential for every organization.

According to the 2019 “Cost of a Data Breach Report,” by IBM and the Ponemon Institute, the loss of just one consumer record costs a company $150. On average, more than 25,000 records are lost in a data breach. That equates to roughly $3.9 million, on average, being lost as a result of one breach.

As stated in the IBM report, the type of business determines the lifecycle of a data breach. The average time to identify and contain a data breach is 279 days and a breach lifecycle under 120 days costs approximately $1.2 million.

The consequences of a data breach involve more than monetary loss. A decrease in organizational reputation can be even more damaging as businesses work to counteract financial losses.

Impactful Data Breaches

Most people today have either been a victim of a data breach or know someone who has had their personal data compromised. The same goes for businesses.

In 2018, there were 1,244 data breaches in the U.S. with over 446.5 million records exposed, according to the 2018 End-of-Year Data Breach report by the Identity Theft Resource Center. More than 550 data breaches affected businesses alone, with more than 415 million records exposed.

5 Noteworthy Data Breaches

According to a July 2019 report by CNBC, the five largest data breaches on record to date include the following:

1. The Yahoo breach in 2013 remains the largest breach on record, with three billion accounts affected. A second breach in 2014 affected another 500 million accounts.
2. First American Financial Corp. was hacked in 2019, resulting in 885 million records being exposed. Poor security measures were identified as the primary cause of the attack.
3. Facebook was also breached in 2019, with 540 million accounts affected. Poor security was identified as a cause for the cybersecurity attack.
4. Marriott International was hacked in 2018, leaving 500 million documents exposed.
5. Friend Finder Networks was attacked in 2016 and 412.2 million records were affected. Poor system security and hacking were determined as the main causes for the data breach.

Learn to Prepare for a Data Breach

“As it relates to preparing for a data breach, the importance of an Incident Response Plan cannot be stressed enough,” said Jayme Lara, CISSP, MS IS, an adjunct faculty member in Villanova University’s Certificate in Cybersecurity program. “Most companies are approaching the problem as not if, but when,” she said.

Lara, who teaches Villanova’s Mastering Cybersecurity/Security+ course, said data breaches are a hot issue that organizations need to be aware of and prepared for. One of the reasons the University recently revamped its program was to keep up with the latest trends in cybersecurity, data breaches and cloud computing, according to Lara.

“We touch on data breaches in Essentials of Cybersecurity, then dive deeper into the subject in the Mastering Cybersecurity/Security+ course,” she said.

“We discuss the steps needed to learn the technical aspects of containing the data breach, determining root cause, becoming operational again, and of course, lessons learned. We will also cover information channels including determining when to let the public know their data has been stolen,” she continued.

Those channels include what type of data was leaked and what the corporation’s legal requirements are in reporting the breach.

“At a high level, your Incident Response Plan is going to deal with all of that – assessing legal risk, compliance requirements, auditing your systems and crisis communication,” Lara said.

An Incident Response Plan is a documented method of approaching and managing incidents or breaches. It is used to identify, respond to, limit and counteract security incidents and breaches as they occur.

“An Incident Response Plan works to ensure that a breach is resolved as quickly as possible and with the minimal effect to an organization,” Lara said. “Historically, it is a formal step-by-step process, identifying roles and responsibilities of teams across the organization.”

When the Target holiday data breach occurred in 2013 and tens of millions of the retail giant’s customers’ data was impacted, the company did not announce the breach to the public, Lara said. Instead, a cyber blogger broke the news.

“Target should have been the first to announce it, as part of its Incident Response Plan,” Lara said. “The company took a huge hit to its reputation. Knowing the proper incident response is huge.”

In addition to the reputational hit, Target also had to pay $18.5 million in a multistate settlement. The agreement set new standards for companies that processed payment cards and kept confidential information on customers.

What to do When a Data Breach Occurs

The Federal Trade Commission offers a guide for businesses to follow in the case of a data breach.

“Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next,” the FTC article states.

Safeguard Your Operations

• Secure your systems quickly and fix vulnerabilities that may have allowed for the breach. Take steps to ensure it won’t happen again.
• Gather a team of experts to conduct a comprehensive breach response. This may include forensics, legal, information technology, human resources and communications departments.
• Consider hiring an outside investigator to determine scope and source of the breach.
• Consult with your legal counsel. Consider hiring an outside counsel that specializes in privacy and data security.
• Secure the physical area and allow forensics experts to examine all affected equipment before shutting it down.

Remove Affected Information

• If the data breach involved any personal information posted on your website, remove it immediately. Contact search engines to ensure they don’t archive the information posted in error.
• Search for your organization’s exposed data to make sure it has not been saved on someone else’s website.
• Interview all people who discovered the breach and document your findings.
• Do not destroy evidence.Allow forensics experts access to any evidence involved in a breach.

Identify and Fix Vulnerabilities

• Determine if you need to change service provider access and work with forensics experts to analyze whether your network segmentation should change.
• Determine if encryption was working when the breach occurred.
• Have a comprehensive plan to communicate with employees, customers, investors, business partners and stakeholders.

The FTC also recommends notifying all the appropriate parties, including law enforcement and affected parties. Most states have legislation requiring notification of security breaches.

“If you quickly notify individuals that their personal information has been compromised, they can take steps to reduce the chance that their information will be misused,” according to the FTC article.

How Companies Respond to a Data Breach

Prevention is key when it comes to data breaches, Lara said. “Companies need to practice defense-in-depth with multiple advanced technological solutions including encryption, intrusion detection, log management, vulnerability scanning, firewalls and more, in addition to trained cyber professionals experienced in tool usage and implementation. Having basic security policies like an Incident Response Plan in place prior to a breach is essential.”

Preparation is Essential

“Most companies expect to be breached or believe they already have been breached,” Lara said. “There are estimates that these crimes will cost [companies] about six trillion dollars by 2021 with small and medium businesses the most likely victims.”

That is why it is so important for cybersecurity professionals to know how to spot attacks, Lara said, and know what to do before, during and after a data breach occurs. 

According to Verizon’s 2019 Data Breach Investigations Report, 43% of data breaches involved small business victims.  

“No organization is too large or too small to fall victim to a data breach,” the report states. “Having a sound understanding of the threats you and your peer organizations face, how they have evolved over time, and which tactics are most likely to be utilized can prepare you to manage these risks more effectively and efficiently.”

Villanova’s Cybersecurity program teaches students about the need for increased cybersecurity measures to protect infrastructure and corporate data, and what techniques and technology could help protect organizations from a data breach.

According to Lara, Villanova’s Essentials of Cybersecurity and Mastering Cybersecurity/Security+ courses walk students through the usage and purpose of several advanced cyber tools necessary to prevent a data breach. Additionally, students will dive into components of an Incident Response Plan and the challenges and opportunities that come with containing and responding to a data breach.