The chances of being hacked or suffering a breach of some sort are now higher than ever and still rising. It is vital that organisations, large and small, understand what they need to do after a breach, and much of that can be summed up in a single word: planning.
This article explains what happens when an organisation is breached, using some examples of real incidents, and then provides some advice on what needs to be done in anticipation of that event.
How do I know I’ve been hacked?
Any of the following may indicate that you have been hacked, or at least that you need to act. Being aware of them is a good start, and seeing one means you should do something:
- Your device behaves strangely: it runs much more slowly, shows unexpected content, or displays frequent unwanted adverts.
- Friends tell you they have received lots of emails from you that you didn’t send.
- You are told by a service provider, a colleague or a third party that one of your online accounts has been compromised.
- A client asks you to prove how well prepared you are for a data breach.
- You see strange transactions on your credit card or bank account.
I won’t be hacked, will I?
The world of cyber security continues to expose breach after breach of personal, sensitive and confidential information. There is no evidence at all to suggest this business problem will disappear any time soon. There is ample evidence that the chance of being breached, one way or another, is effectively 100%: it is not a question of if it happens but when.
This calls for a new way of thinking about risk. Traditionally, the likelihood of a risk occurring has been the driving force behind countermeasures and mitigations; if the likelihood of a breach is taken to be close to certain, likelihood no longer distinguishes one risk from another.
Now the main consideration should be the potential impact of a breach. Estimating that impact involves assessing the value of the information, including the expense and difficulty of replacing or recovering it, the embarrassment its loss might cause, and several other factors.
The value of information is assessed by the degree of impact its loss would have on the organisation, usually recorded in a Business Impact Assessment (BIA). High impact means the information is high value, regardless of what the information actually contains.
Having determined the value of the information and the potential impact of its loss, it is then critical to plan for a breach, because, whether or not any planning has taken place, one will happen. So, assuming a breach has occurred, what will happen and what should be done?
Author: Andy Taylor, Lead Cyber Assessor, APMG
Originally published: 21 June 2017