The pressure is on for IT departments to secure businesses’ digital assets, but the enterprise seems to have trouble keeping up. That’s according to recent findings from Trustwave Holdings, Inc., releasing its 2016 Security Pressures Report to tackle the various factors affecting how the enterprise handles the tricky matter of reigning in data loss and preventing malicious attacks.

More than 1,400 IT security professionals from around the world participated in the survey, which revealed that 65 percent of respondents feel more pressure than ever before to secure their organizations, a slight increase from last year’s 63 percent. This is due to the rising incidents of data breaches such as the recent law firm hacked for its data to be used by inside traders. The report also showed that, though there is an urgent need to secure the enterprise, there is a shortage of security expertise to handle this prevalent issue.

These high profile breaches are making IT security a board room issue for many businesses, increasing pressure from the top down. Trustwave found that 40 percent of respondents felt the most pressure immediately before or after a board meeting; 77 percent of respondents are pressured to push out IT security projects that are half-baked; and respondents see the Internet of Things as the second riskiest technology for the enterprise, the first being the cloud.

We contacted Trustwave to contextualize the findings of this report, and to glean some tips on how the enterprise can best handle the woes of a data breach.

Prepare for a data breach

We’ve heard it all before, ‘prevention is better than cure,’ but in case things go awry, it’s always better to be prepared. Trustwave shared some tips as to how the enterprise can better handle a data breach and minimize the effects of the breach once it has occurred.

Plan

Make a detailed plan as to how the company will react in case of a data breach. What will the security team do first in case of a breach? Will the servers go offline to minimize damage? Will the company give in if hackers or attackers demand ransom? These are just some of the questions that need to be addressed even before an attack occurs so the security team, as well as the whole company, is not immobilized during an attack.

Hire a forensic investigating team

Though one might not see the need to hire a forensic investigating team before an attack has occurred, a business should consider such a team as an emergency contact. A company does not want to be looking for a team to handle the breach after the attack — when the system is vulnerable, the worse the situation gets. With a forensic investigating team in place, the faster the security hole is patched and resolved.

Computer forensic investigators work similarly to crime investigators as they leave no stone unturned. In the cyber realm, that means looking into every hard drive, USB, memory zip drive, optical media and cloud storage file – anything that can store data will be carefully and meticulously scrutinized to get more information. With a computer forensic team ready, a business can collect the evidence needed to bring attackers to justice.

Hire a penetration testing team

No matter how secure the system is, there could always be a hole in the security or worse, employees could be used for the breach without their knowledge through social engineering. By hiring a penetration testing team, the security of the company will be tested at any given time without the company’s knowledge, and vulnerabilities will be exposed. This will help companies toughen up security.

Be transparent

Once a security breach has occurred, one of the most important steps is to inform employees and clients of the breach. This will help customers prepare themselves, including encouraging them to change passwords of the affected accounts and any other related accounts, so as to not extend the breach to any personal accounts. Trustwave also believes that a pre-written press release should be ready and locked in a safe place, to be distributed to the media when a breach occurs.

“There’s no guarantee, but I’ve seen a number of companies go through a data breach and have a minor business impact,” Trustwave tells us.

Photo by Senator Mark Warner