BreachExchange mailing list archives
Damage Control: After an Insider Breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Jun 2015 20:33:38 -0600
http://www.jdsupra.com/legalnews/damage-control-after-an-insider-breach-48410/

In the immediate aftermath of a major security or data breach, companies should re-evaluate their risk management systems. In a previous post on insider threats, we outlined what a company can do to prevent risks associated with insiders. We also have written about the characteristics of a malicious insider. Today, we discuss best practices after an instance of insider theft occurs.

Rapid detection of insider thefts requires that companies quickly identify suspicious activity and evaluate the potential impact. To do so will necessitate regular vulnerability scans, network monitoring, and incident investigation. Company policies regarding network access and resource control should also reflect the business's overall risk management processes and may include monitoring online behavior, database use, and restricting removal of sensitive documents from the company. With strong policies and management systems in place, companies are in a good position to identify insider incidents early and develop adequate responses.

Following detection of insider breaches, containment and mitigation should be a primary focus of a response plan. Swift implementation of this plan helps to contain further leaks and allows prompt remediation. Response plans may be different according to the type of incident detected but should involve a methodology for dealing with suspected threats as well as documentation and analysis of the incident.

Recovering from an insider breach can be difficult due to the fact that these crimes can often cause significant harm to a company’s reputation and result in losses of important proprietary and sensitive information and assets. A corporation’s management should be involved in reevaluating risk management strategies after a breach to identify possible weaknesses. During this process information sharing, feedback, and remediation efforts are important to improve future planning and communications.

Organizations should also consider notifying law enforcement agencies of cybercrimes—a step few companies take. PwC’s 2014 US State of Cybercrime Survey found only 12% of companies report insider cyber incidents to law enforcement.

Insider theft can have a significant negative impact on a company. Having a threat management system and planned response helps to quickly control the damage from thefts while remediation can reduce the likelihood of future incidents. To stay ahead of this emerging threat, companies should work to develop a clear enterprise-wide incident response and recovery plan to ensure business continuity.