Dealing with a Security Breach: Planning, Response & Resolution

By Kulvinder Gill | Thursday, April 5th, 2018

It’s no longer “what if” a security breach or cyber-attack occurs, but when and how it will occur. With recent data breaches such as, Saks, Lord & Taylor and Under Armour making headlines, it is imperative for firms to know what to do before a breach occurs and how to remain operational.

According to the 2017 Cost of Data Breach Study: Global Overviewed conducted by Ponemon Institute the average cost of a breach in 2013 came to $5.4 million and each year that number has risen, reaching new heights in 2017 at $7.35 million.

Knowing there is a high chance for such an attack, the only way to be ready is to have a plan in place. There are three phases of Incident Response. The most important is the planning phase. Chances are your company will see some sort of attack this year, but the question is “when?” Here is a quick breakdown of these key phases on Incident Response.

Phase 1: Planning

To be prepared for a security breach or cyber-attack, you must first have a plan. A response plan should be completed in advance of any type of incident. Put together a team of internal staff (e.g. IT, Human Resources, Operations, Client Service, BCP) and external members (e.g. public relations, vendors, law enforcement) that may need to be contacted if the attack cannot be contained. By formulating a plan in advance, roles and responsibilities will be clearly defined and minimise the potential for fallout. Once the plan has been completed, it should be presented in writing and easy accessible during any attack.

Phase 2: Response

Perhaps the most critical phase is the actual Response phase (but keep in mind, the tone of this phase is set by whether your firm has a plan in place). The overall goal of the response is to keep the firm’s top priorities in mind:

Ensure safety of staff
Fulfill key fiduciary responsibilities
Protect public/shareholders/investor
Resume business operations
Ensure financial losses will not exceed tolerance
Maintain forensic chain of custody

Phase 3: Resolution

The resolution phase allows the team to understand what occurred and devise a strategy to avoid a similar occurrence in the future. It’s critical to learn what factors may have caused the breach and, as a result, mitigate the risk of future events.