f. Identify incident reduction techniques Flashcards
Confirmed disclosure of data to an unauthorized party. Requires notification to authorities and/or customers.
Data breach
A situation in which the confidentiality, integrity or availability of personal information may potentially be compromised. May not require notification.
Data incident
Average cost of data breach worldwide
$3.92 million
data breach risks for an organization
1) loss of revenue
2) legal & regulatory fines
3) loss of business
4) impact on business relationships
5) loss of customer trust
6) damage to public perception
data breach risks for an individual
emotional distress, identity theft, personal reputational harm, financial damage from misuse of credit/debit cards
What is the top cause of breaches?
Malicious or criminal attack.
How do breaches occur?
Malware (28%), internal actors (34%), hacking (52%), phishing (32%), perpetrated by outsiders (62%)
How can you prepare for an incident?
Incident response team and plan in place, employee training, threat-sharing, BCM involvement, board-level buy-in
How can you prepare your team for an incident?
Training (e.g., tabletop exercises), be active members of the incident response team, provide guidance on breach notification requirements
Who should fund training?
Leaders often disagree; consider a shared-cost arrangement
Who should receive training?
Different levels for different groups, but all employees should have a basic understanding
Who should lead incident response plan creation?
Privacy office or legal; with help from IT, communications, HR, senior management, etc. Stakeholders will vary by organization.
What guidelines, processes and procedures will you need to develop in order to create an incident response plan?
Roles & responsibilities (who will call the shots), severity ratings and triggers for escalation, team contact info (a breach will not happen at a convenient time), how to report suspicious communications/activity, regulatory requirements, how to interact with authorities, info on key vendors and counsel (who are your lawyers that you call straight away), integration with business continuity plan, and post-incident process
What are the steps to take in a breach?
Secure your operations (e.g., stop additional data loss, secure physical areas), notify appropriate parties, and fix vulnerabilities.
What are potential consequences of inconsistent messaging?
Evidence of poor planning, loss of trust, people make assumptions about what’s true, and legal liability issues.
Why should internal announcements be made at the same time as external?
To align messaging, avoid leaks, and demonstrate transparency.
What do employees need to know about an incident?
Information that affects their jobs, what to keep confidential,
What’s the nature of the breach? How many individuals impacted? Is information accessible and usable? Is breach likely to lead to harm? Can harm be mitigated?
Things to consider when deciding whether to make an external announcement if there is no legal obligation to do so.
What are the costs involved with a data breach?
Punitive costs, first-party costs (e.g., legal counsel, crisis management), remediation costs, intangible costs (e.g., customer retention)
What principles do breach obligations adhere to?
Preventing harm, collection limitation, accountability, and monitoring and enforcement.
Why train?
Expose gaps, cultivate security, reduce financial liability and regulatory exposure, lower breach-related costs, preserve brand reputation and integrity
Average cost of U.S. breach
$8.19M
Share of businesses that go out of business within three years after a breach
60%+
Average size of a data breach
25,575 records
Average cost per record
$150 globally
$242 in U.S.
Average time to contain a breach
279 days
If the breach takes more than 200 days to conclude, it costs on average $1.2M more
Lifecycle of a hack - from breach to containment
314 days
Cost distribution of data breach over time
66% in year 1
22% in year 2
11% in year 3
Cost reduction effectiveness
Incident response team: reduces cost by $360,000
Extensive use of encryption: reduces cost by $360,000
Third-party breach: on average increases cost by $370,000
Extensive incident response training: reduced cost by $1.2M
Biggest factor attributed to data costs
Lost business
Average loss of business after data breach: $1.42M
Abnormal churn of 4%
Lost business is 36% of all costs; detection and escalation 31%; notice 5%; post-breach cost 27%
Percentage of breaches attributable to malicious attacks
51% in 2019; grew from 21% in 2014
Organizations that had not deployed security automation experienced breach costs that were _____ higher than breaches at organizations with fully-deployed automation
95%
Chances of experiencing a breach within the next 2 years
29%
Organization with less than 500 employees average breach cost
$2.74M in 2019
Average cost per health record
$429; all other types of records are around $100 to $200
Origin of breach
50% malicious attack
25% system glitch
25% human error
Percentage of orgs subject to cyber attacks that are small businesses
58%
Breach by third party partner - primary concerns
1) understand what occurred
2) assess potential damage
3) set a game plan
Breach by third party partner - primary concerns - understand what occurred
1) In the first interview, gather as many facts as you can.
2) Ask the party to provide you their official statement so you can craft your own.
3) Follow up with the notes you took down and get the vendor to confirm their accuracy.
4) You will want to know as much as possible in order to answer questions from third parties.
Breach by third party partner - primary concerns - assess the damage
1) fully understand what service the partner provides to your organization
2) know what data it possesses
3) Understand how you are connected to each other
Breach by third party partner - primary concerns - set game plan
When you call the vendor back, establish your rights. Hopefully the contract contains language regarding your right to audit, enforce remedy, receive communications, tailor the public notice, cancel the contract, monetary remedies,
Cyber Insurance Pitfalls
1) Most insurance claims are limited to attacks and unauthorized activity, and do not include coverage for accidental errors and omissions. The insurance company could simply point to a factor like human error and refuse to pay out the claim for a hacked computer system.
2) Most claims are limited to only paying out losses incurred during an actual network interruption, and not for the entire period that the business has been disrupted. If a cyber attack occurs over a weekend but the business remains incapacitated for a week or more, the claim would only cover the weekend of the attack, and not any business interruption later (no loss of customers or media liability covered).
Cyber Insurance Loss Ratio
Amount of claims paid out / Premiums in
In 2017, that figure was just 32 percent. In other words, for every $1 million in premiums that customers are paying each year, insurance companies are paying out just $320,000.
The success of any data breach response plan begins with close involvement from
the executive team.
Without engagement and leadership from _____ ______ _____ ______ ______ _____, developing, maintaining and implementing effective response plans can pose a significant challenge for organizations.
senior leaders and board of directors
Your internal breach response team should include the following:
1) Customer care
2) Executive leaders
3) HR
4) Incident lead
5) Legal
6) Information technology (IT)
7) Public relations