UPDATED 12:10 EDT / MARCH 20 2013

Bouncing Back After a Security Breach

Knowing your sensitive data is in the hands of an unknown source can be a terrifying experience for anyone. IT security professionals do their best to defend and protect their organizations’ intellectual property from a myriad of threats, including hackers, insiders, and even simple misconfigurations that can leave sensitive or regulated data inadvertently exposed. Today, the dangers surround us from both an internal and external perspective, so the need for proper security is more important than ever.

Ideally, we would like to prevent breaches from happening – they are costly, time-consuming to clean up, embarrassing and detrimental to our reputations. Unfortunately, with increasingly complicated network infrastructures, a breach is, frankly, inevitable, be it in-house or in the cloud. One external factor, cyber attacks, has become more prevalent. A Ponemon Institute survey shows a 42 percent year-over-year increase in cyber attacks on the companies surveyed. We expect these numbers to continue to rise unless businesses get a better hold on their digital data.

The implications are absolutely staggering – just look at what has been going on in South Carolina over the past four months. The state is still in the process of securing computers and notifying victims, with an estimated price tag of at least $20 million… and counting. The mere logistics of notifying both in-state and out-of-state residents have been incredible, alongside the natural PR backlash and swift response. While South Carolinians are looking to make this a one-time issue, they along with others are asking themselves the same question – what could have been done better? So how can you put a plan in place to address a breach when it happens, and quickly move from reactive panic to proactive progress?

Accept Responsibility and Find the Cause


Perhaps one of the more humbling steps in bouncing back after a cloud security breach is notifying all related parties that are directly or tangentially affected. To compound things, you may not be the only one at fault. For instance, new HIPAA regulations unveiled last month hold business partners, associates, and affiliated handlers of medical data subject to the same repercussions (and fines) as the ones holding the data. As a result, tensions could be high and those in hot water will certainly be looking for a scapegoat. Whether it’s you or not, playing the blame game doesn’t produce positive results. Instead, accept the mistake and reassure your customer base about the security changes that you will be making. If fines are levied, you’ll need these partners to help keep your company afloat. More importantly, identify the issue and install the proper measures to safeguard your data moving forward.

Finding the cause seems an obvious step, but the answer is typically much more nuanced. It is time to think like a detective and retrace the steps of how your data was breached. If the implications of your breach are significant, you might want to hire a forensics professional to help. If the attacker was malicious, which passwords did they access? Who did they pretend to be? What information was taken? And the most important question that must be answered before moving forward is: “How was it done?” Once you are able to determine the cause, you can begin to prevent future attacks.

Cyber security can be a complex area for IT teams to undertake, especially with the advent of the cloud, where company data lives in an area that is not typically controlled in-house. Breaches happen. And in many cases, they are difficult to pinpoint. Understanding the issues after the fact, and working proactively to avoid these mistakes and seal up those mouse holes, is vitally important for company success.

About the Author

Steve Pate is CTO and co-founder of HighCloud Security, bringing 25 years of designing, building, and delivering file system, operating system, and security technologies, with a proven history of converting market-changing ideas into enterprise-ready products. Before HighCloud Security, he built and led teams at ICL, SCO, VERITAS, HyTrust, Vormetric, and others. HighCloud’s resident author, Steve has published two well-respected books on UNIX kernel internals and UNIX file systems, as well as hundreds of articles and blogs.

 
