White Paper: What should HBO do now? Five Key Steps to Take Following a Security Breach

by Giulia Foss | 07 Aug 2017

Throw away the script...

If you're an avid watcher of TV series, you'll be aware that the most recent cyber-security breach to 'hit our screens' is that of HBO's award-winning and much-discussed show, Game of Thrones.

Although the leak of a few episodes of a much-awaited series may not sound too nefarious, the reality is the hackers claim to have gotten away with more than 1.5 terabytes of data, including financial documents, emails and some customer information, all of which can be used as ransom to some degree or another.

The new actors in cyber attacks...

The types of attack we are seeing nowadays, and the people we see committing them, have fundamentally changed. It used to be that underground hackers would look to outdo each other based on who could hack the biggest or toughest networks, almost a game of bravado and ego. It was a demonstration of intelligence, and although disruptive, costly and troublesome, it was something that was less frequent and less organised.

Now cyber-attacks are becoming far more sophisticated, committed by highly organised groups with the intent of generating huge swathes of cash or even meddling with a country's politics, something which has been highlighted by the recent American presidential elections.

The reality is these attacks have huge implications for society as a whole: their reach is wide-ranging and their effects can be immeasurable in the long term.

A view of what's to come...

These days, data breaches are an all too common occurrence. Barely a week goes by without a high-profile attack taking place. With increasing legislation and regulatory compliance coming into play, these announcements are set to become more familiar.

Much advice is given about how to reduce the risk of attack, but little is said about what to do when an attack occurs. In this paper, we'll examine why it is important for organisations to be prepared and to have a solid security incident response plan in place.

Five key steps

When the worst does happen and your organisation suffers a breach, what are the steps you should take to minimise the impact? 

1. Triage: Don’t panic – it may be a natural reaction, but from our experience, it doesn’t solve anything. Avoid the temptation to simply pull the plug or turn the machines off. Directly after a breach, things often seem worse than they are. Your main goal should be business continuity. 

2. Data analysis: Carefully analysing the data involved in the incident is crucial to understanding what actually happened. It may sound simple but over the years, we have seen too many cases that are misdiagnosed early on, resulting in incorrect remedial actions.

3. Communication: One of the biggest issues we see with incident response is a lack of internal communication – from board level down. Depending on the type of incident, it may be that communication with the rest of the organisation and external bodies such as third-party agencies, customers and regulatory authorities is necessary.

4. Resolve and recover: Assuming the incident handler and the technical team assigned to the incident have control, you should be on the way to resolving the issue and heading towards recovery. The road to recovery may involve rolling back disaster recovery (DR) applications, beginning to restore data from backups or simply closing the incident. Whatever the situation, the incident will not be properly resolved until all recovery actions are complete.

5. Lessons learned: Following an incident, organisations can be quick to fall back into routine. It’s important that you learn from every security incident to minimise the risk of it taking place in the future. 

To find out more about incident response, including how to develop a robust incident response plan for your organisation, read the full paper here.
