Suspecting data breach?

As cyber crime continues its rapid development and diversification, cyber attacks are getting easier to execute because criminals can now easily and cheaply buy tools needed for an efficient attack.

If you read the research on cyber security they all practically tell the same unpleasant truth, that statistically, it is highly likely that businesses will be subjected to some degree of data breach.

The severity of the matter is emphasized by the fact that on average, detection of data breach may take up to several months. Sometimes they are not noticed at all. Only a fraction of companies realize that they have been subjected to data breach, and usually the first information about it comes from external sources.

In these kinds of cases, unwanted users may have breached corporate networks and systems, which, in the worst case, exploit enterprise systems for additional data breaches.

In case of data breach:
  • Do not panic
    • Keep accurate notes of everything you do
  • Do not turn off the computer
    • Shutting down the computer may complicate investigation
  • Review the situation
    • Remember that skillful data breachers can cover their trail before leaving the environment
    • What information does the computer in question have? What information is potentially compromized?
    • Does the machine have personal data - and if so - does it create a risk for those registered?
    • Can the computer be disconnected from the network without having immediate effects on business?
    • Is an outside associate needed to help limiting the damage?
  • Separate the machine from the network to prevent further damage
    • Separate the machine from the network or physically disconnect the machine from the network
  • Save the data that has been collected
    • Copy and save all data related to data breach
  • Update the notes throughout the event
    • What happened?
    • When and where?
    • What information do the machines or systems have that are under attack?
      • What is the criticality of the data for business?
      • Did this system include personal information? What information?
    • Is it possible that the usernames / passwords used in the system work elsewhere?
  • Notify Data Protection Officer or the Management about the issue
    • Determine the level of the occurred data breach
    • Did any data get stolen?
    • Is it reasonable to inform the Data Protection Authority or other authorities about the situation?
    • Is it reasonable to inform the registered persons, if personal information has leaked?