Never Waste a Crisis: Best Practices for Managing Large-Scale Data Breaches

Data Breach Best Practices

By now, we are all aware that fraudsters will use anything as an entry point for attacks against your business, from phishing to malware to the #1 hacking tactic for the last four years running: the use of weak or stolen credentials. Regardless of origin, data breaches are costing more than ever – a staggering $3.86 million.

Getting proactive about breach prevention and response plans is beyond critical for businesses of all sizes, in every industry. No one is immune, and you’re never too small to get picked on – a comment we heard recently when we sat down with three security leaders for a new guide we’ve just published.

For the CISO’s Guide to Surviving a Data Breach, enterprise CISOs break down how they successfully navigated through the “worst case” scenario for any company: breaches that exposed customer data. With these first-hand accounts, we begin to understand how breaches get discovered, how to best respond internally and externally, and what processes to set in motion post-breach.

Some of the best practices we uncovered:

Pre-Breach Fundamentals

“Security education was mandatory for every employee at CareFirst, and phishing email training was part of that, but unfortunately, it was a once a year exercise.”
– Harry D. Fox, former CIO, CareFirst

  • How often are you running security trainings, and are you reporting the results all the way up to the board of directors?
  • Are you cataloging service providers with direct or indirect access to your corporate data?
  • Are you doing vulnerability scans regularly, not just once a year or every 6 months?
  • Are admins using secure passwords? What about other employees? Customers? Are you following NIST guidelines?

Breach Discovery

“The criminals had actually been inside via a number of avenues and left many of them dormant…it was clear that they had been doing their homework.”
– Roy Mellinger, former CISO, Anthem

  • Do you have a formal breach response program in place that includes both technical and business teams working together?
  • Do you have a plan for how you’ll search for and recover the missing data on the dark web?
  • How will you control communication to customers, the media, and regulators?

Post-Breach Investment

“As a security leader, your ability to obtain additional resources becomes a lot easier right after a breach.”
– Damian Taylor, former CISO, Landry’s

  • What security plans can you now accelerate – MFA, credential monitoring?
  • How can you demonstrate ROI on security investments?
  • Should you lean on cloud-based vendors and buy as a service?
Take it from the veterans – no one wants this to happen, but it’s no longer a matter of if, but when. Use this rare peek from the C-suite into the full lifecycle of real-world data breaches as a blueprint for your own prevention and response plans.

Stop exposures from becoming account breaches.