CH 9: Data Breach Incident Plans Flashcards

1
Q

Confirmed disclosure of data to an unauthorized party. Requires notification to authorities and/or customers.

A

Data breach

2
Q

A situation in which the confidentiality, integrity or availability of personal information may potentially be compromised. May not require notification.

A

Data incident

3
Q

Average cost of a data breach worldwide

A

3.92 million

4
Q

Data breach risks for an organization

A

1) loss of revenue
2) legal & regulatory fines
3) loss of business
4) impact on business relationships
5) loss of customer trust
6) damage to public perception

5
Q

Data breach risks for an individual

A

emotional distress, identity theft, personal reputational harm, financial damage from misuse of credit/debit cards

6
Q

What is the top cause of breaches?

A

Malicious or criminal attack.

7
Q

How do breaches occur?

A

Malware (28%), internal actors (34%), hacking (52%), phishing (32%), perpetrated by outsiders (62%)

8
Q

How can you prepare for an incident?

A

Incident response team and plan in place, employee training, threat-sharing, BCM involvement, board-level buy-in

9
Q

How can you prepare your team for an incident?

A

Training (e.g., tabletop exercises), be active members of the incident response team, provide guidance on breach notification requirements

10
Q

Who should fund training?

A

Leaders often disagree; consider a shared-cost arrangement

11
Q

Who should receive training?

A

Different levels for different groups, but all employees should have a basic understanding

12
Q

Who should lead incident response plan creation?

A

Privacy office or legal; with help from IT, communications, HR, senior management, etc. Stakeholders will vary by organization.

13
Q

What guidelines, processes and procedures will you need to develop in order to create an incident response plan?

A

Roles & responsibilities (who will call the shots), severity ratings and triggers for escalation, team contact info (a breach will not happen at a convenient time), how to report suspicious communications/activity, regulatory requirements, how to interact with authorities, info on key vendors and counsel (who are your lawyers that you call straight away), integration with business continuity plan, and post-incident process

14
Q

What are the steps to take in a breach?

A

Secure your operations (e.g., stop additional data loss, secure physical areas), notify appropriate parties, and fix vulnerabilities.

15
Q

What are potential consequences of inconsistent messaging?

A

Evidence of poor planning, loss of trust, people make assumptions about what’s true, and legal liability issues.

16
Q

Why should internal announcements be made at the same time as external ones?

A

To align messaging, avoid leaks, and demonstrate transparency.

17
Q

What do employees need to know about an incident?

A

Information that affects their jobs, what to keep confidential,

18
Q

What’s the nature of the breach? How many individuals are impacted? Is the information accessible and usable? Is the breach likely to lead to harm? Can the harm be mitigated?

A

Things to consider when deciding whether to make an external announcement if there is no legal obligation to do so.

19
Q

What are the costs involved with a data breach?

A

Punitive costs, first-party costs (e.g., legal counsel, crisis management), remediation costs, intangible costs (e.g., customer retention)

20
Q

What principles do breach obligations adhere to?

A

Preventing harm, collection limitation, accountability, and monitoring and enforcement.

21
Q

Why train?

A

Expose gaps, cultivate security, reduce financial liability and regulatory exposure, lower breach-related costs, preserve brand reputation and integrity

22
Q

Average cost of U.S. breach

A

8.19M

23
Q

Percentage of businesses that go out of business within three years after a breach

A

60%+

24
Q

Average size of a data breach

A

25,575 records

25
Q

Average cost per record

A

$150 globally

$242 in U.S.

26
Q

Average time to contain a breach

A

279 days

A breach that takes more than 200 days to conclude costs, on average, 1.2M more

27
Q

Lifecycle of a hack - from breach to containment

A

314 days

28
Q

Cost distribution of data breach over time

A

66% in year 1
22% in year 2
11% in year 3

29
Q

Cost reduction effectiveness

A

Incident response team: reduces cost by $360,000
Extensive use of encryption: reduces cost by $360,000
Third-party breach: on average increases cost by $370,000

Extensive incident response training: reduces cost by 1.2M

30
Q

Biggest factor attributed to data costs

A

Lost business

Average loss of business after data breach 1.42M

Abnormal churn of 4%

Lost business is 36% of all costs; detection and escalation is 31%, notice is 5%, post-breach cost is 27%

31
Q

Percentage of breaches attributable to malicious attacks

A

51% in 2019; grew from 21% in 2014

32
Q

Organizations that had not deployed security automation experienced breach costs that were _____ higher than breaches at organizations with fully-deployed automation

A

95%

33
Q

Chances of experiencing a breach within the next 2 years

A

29%

34
Q

Organization with less than 500 employees average breach cost

A

2.74M in 2019

35
Q

Average cost per health record

A

$429; all other types of records are around $100 to $200

36
Q

Origin of breach

A

50% malicious attack
25% system glitch
25% human error

37
Q

Percentage of organizations subject to cyber attacks that are small businesses

A

58%

38
Q

Breach by third party partner - primary concerns

A

1) understand what occurred
2) assess potential damage
3) set a game plan

39
Q

Breach by third party partner - primary concerns - understand what occurred

A

1) In the first interview, gather as many facts as you can.
2) Ask the party to provide you their official statement so you can craft your own.
3) Follow up with the notes you took down and get the vendor to confirm their accuracy.
4) You will want to know as much as possible in order to answer questions from third parties.

40
Q

Breach by third party partner - primary concerns - assess the damage

A

1) fully understand what service the partner provides to your organization
2) know what data it possesses
3) Understand how you are connected to each other

41
Q

Breach by third party partner - primary concerns - set game plan

A

When you call the vendor back, establish your rights. Hopefully the contract contains language regarding your right to audit, enforce remedy, receive communications, tailor the public notice, cancel the contract, monetary remedies,

42
Q

Cyber Insurance Pitfalls

A

1) Most insurance claims are limited to attacks and unauthorized activity, and do not include coverage for accidental errors and omissions. The insurance company could simply point to a factor like human error and refuse to pay out the claim for a hacked computer system.

2) Most claims are limited to only paying out losses incurred during an actual network interruption, and not for the entire period that the business has been disrupted. If a cyber attack occurs over a weekend but the business remains incapacitated for a week or more, the claim would only cover the weekend of the attack, and not any business interruption later (no loss of customers or media liability covered).

43
Q

Cyber Insurance Loss Ratio

A

Amount of claims paid out / Premiums in

In 2017, that figure was just 32 percent. In other words, for every $1 million in premiums that customers are paying each year, insurance companies are paying out just $320,000.

44
Q

The success of any data breach response plan begins with close involvement from

A

the executive team.

45
Q

Without engagement and leadership from _____ ______ _____ ______ ______ _____, developing, maintaining and implementing effective response plans can pose a significant challenge for organizations.

A

senior leaders and board of directors

46
Q

Your internal breach response team should include the following:

A

1) Customer care
2) Executive leaders
3) HR
4) Incident lead
5) Legal
6) Information technology (IT)
7) Public relations