Don't Forget to Share this Post

Dealing with a Security Breach: Planning, Response & Resolution

By Kulvinder Gill | Thursday, April 5th, 2018

It’s no longer “what if” a security breach or cyber-attack occurs, but when and how it will occur. With recent data breaches such as, Saks, Lord & Taylor and Under Armour making headlines, it is imperative for firms to know what to do before a breach occurs and how to remain operational.

According to the 2017 Cost of Data Breach Study: Global Overviewed conducted by Ponemon Institute the average cost of a breach in 2013 came to $5.4 million and each year that number has risen, reaching new heights in 2017 at $7.35 million. 

Knowing there is a high chance for such an attack, the only way to be ready is to have a plan in place. There are three phases of Incident Response. The most important is the planning phase. Chances are your company will see some sort of attack this year, but the question is “when?” Here is a quick breakdown of these key phases on Incident Response.

Phase 1: Planning

To be prepared for a security breach or cyber-attack, you must first have a plan. A response plan should be completed in advance of any type of incident. Put together a team of internal staff (e.g. IT, Human Resources, Operations, Client Service, BCP) and external members (e.g. public relations, vendors, law enforcement) that may need to be contacted if the attack cannot be contained. By formulating a plan in advance, roles and responsibilities will be clearly defined and minimise the potential for fallout. Once the plan has been completed, it should be presented in writing and easy accessible during any attack.

Phase 2: Response

Perhaps the most critical phase is the actual Response phase (but keep in mind, the tone of this phase is set by whether your firm has a plan in place). The overall goal of the response is to keep the firm’s top priorities in mind: 

  • Ensure safety of staff

  • Fulfill key fiduciary responsibilities

  • Protect public/shareholders/investor

  • Resume business operations

  • Ensure financial losses will not exceed tolerance

  • Maintain forensic chain of custody

Phase 3: Resolution

The resolution phase allows the team to understand what occurred and devise a strategy to avoid a similar occurrence in the future. It’s critical to learn what factors may have caused the breach and, as a result, mitigate the risk of future events.

Want more information. Download our Critical Cybersecurity Threats & How to Prepare guidebook. 


This article has been updated and was originally published in January 2014.
Don't Forget to Share this Post

Related Posts

New Guide: Tech Priorities for the Modern Workplace
Post Pandemic IT Strategy for the Road Ahead: Security, Cloud and Operational Considerations + Webinar Recap
Is Your Domain Name Being Spoofed? Find out with DNStwister
Panel Discussion Roundup: Lessons Learnt in Trying Times - People, Processes & Technology
9 Steps to Create Information Security Plan
Cloud Security: Mitigating Threats in the Cloud

How Can Eze Castle Integration help you?Contact us today!

Contact Us