What has HotTopics’ technology and security leaders community learned about cybersecurity, and how is the industry responding to ongoing data breaches?
In today's digital landscape, where data is the lifeblood of businesses and individuals alike, the spectre of data breaches looms large. Ask any security leader about their pain points and chances are the list will include data breaches.
Unauthorised access by individuals to sensitive information, spanning from personal data to corporate secrets, is what typically constitutes a data breach. The consequences of a data breach can be dire for organisations, leading to financial losses ($4.35 million, according to IBM), reputational damage and legal ramifications.
Understanding how to prevent and effectively manage data breaches has become an imperative skill for technology leaders given the increased sophistication of these attacks. We will explore the key strategies and best practices to safeguard against these cyber threats and mitigate their impact when they do occur.
To illustrate the severity and reality of data breaches, here are a few recent examples:
An accident at PSNI
The surnames, first initial, rank, base and unit of 10,000 police employees were accidentally leaked in an FOI response in August 2023. With this sensitive information in the hands of the public and threat actors, this breach has become a major cause for concern among PSNI officers who are at risk amid the bubbling political turbulence in Ireland. The Policing Board will be carrying out an independent-led review to provide some insight into the incident, which has proven to be a very damaging breach of personal information.
The Discord.io leak
Messaging and calling platform Discord experienced a data breach that resulted in the exposure of data belonging to approximately 760,000 users. Operating under the pseudonym 'Akhirah', the hacker managed to infiltrate the database and made the personal details of Discord users available for purchase on the dark web.
Revenge on Tesla
It was recently discovered that two former Tesla employees were responsible for a significant data leak, in May 2023, containing sensitive information including social security numbers and compromising more than 75,000 employees. The organisation’s data privacy officer reported the cause of the breach as “insider wrongdoing,” after an internal investigation revealed these former employees violated Tesla’s IT security and data protection policies by sharing the data with the media.
Proactive data protection methods
Establishing the right steps to mitigate risk includes methods such as security hygiene practices, threat intelligence, signature-based detection tools, analytics and data sanitisation, Zero Trust architecture, firewalls, and endpoint detection and response solutions (internal security strategy). In addition to this, cybersecurity leaders need to ensure that they have carried out a thorough risk assessment and aligned their security and network architecture.
What guidance does the technology and security community at HotTopics offer to leaders?
In the roundtable discussion, Preventative Cyber Strategies for 2022, security leaders outlined what proactive methods organisational cybersecurity functions should be adopting and why. Mansi Thaparr, Head - Global Cyber Security at Apollo Tyres, emphasised the importance of “organisational readiness” and “internal hardening”, such as perimeter protection, preventative cyber strategies monitoring, and Beaming technology. She advised the panellists to use the 80-20 rule when it comes to the split between humans and automation in cybersecurity. In the same roundtable, Jenny Molanhall, at the time the NED of an NGO, shared that there were no cybersecurity measures when she first joined the company. To rectify this, she worked with the Board to help mould a security infrastructure from scratch, implementing ‘awareness training’ to help prevent attacks.
The necessity of creating a security awareness culture was highlighted in the roundtable discussion ‘Security is Everyone’s Responsibility’. The panellists included Anahi Santiago, CISO at ChristianaCare, Mel Reyes, CISO and CIO at Synchrony, Clare Ward, Digital Strategy and Transformation at @aquila and Elena Corchero, Founder and Emerging Technologies Evangelist. These leaders drew attention to the idea of applying a ‘defence in depth’ strategy across the organisation with this mindset. This culture of awareness requires constant improvements and adaptations, such as developing policies that meet an organisation’s compliance regulations. Halfway through the roundtable they recalled the fact that insider threats from employees are reported as a top cause of unintended data breaches.
Data breach incident response
Rather than going with the reactive incident response, which involves responding to a security incident after it has occurred and containing the damage caused, technology and security leaders need to focus their cybersecurity efforts on more proactive measures, identifying potential threats and vulnerabilities beforehand and implementing measures to mitigate these risks.
According to data and industry experts, one of the key elements of a successful incident response plan is an organisation’s data footprint. They argue that a substantial data footprint corresponds to heightened vulnerability to security breaches, underlining the critical connection between data management and incident preparedness. Alongside this, leaders need to reevaluate their risk management strategy while continuously identifying potential risks.
To stay cool during a data breach, keep the following steps in mind. First, follow your pre-prepared incident response plan. For example, this would involve quickly identifying the breach, conducting an investigation, taking immediate action, determining the cause of the breach and starting on the long-term plans for recovery. Most importantly, keep the evidence: don’t wipe your systems or destroy forensic data.
Top tips to help your incident response
- Proper communications need to be in place
- Provide your customers/vendors with information (leave them in the dark and face being branded as ‘untrustworthy’)
- Establish a media policy for employees and staff to abide by (root out the rumours)
Dealing with the aftermath of a data breach is no easy feat.
After painstaking forensic investigations, thorough assessments and necessary repairs, the restoration of operational systems becomes paramount, contingent upon resolving the breach's root cause.
The journey to recovery is accompanied by significant costs that demand preparedness. IBM's findings from the Cost of a Data Breach 2022 report underscore this reality, revealing that the average cost of such breaches in the US amounts to $9.44 million. These figures are a compelling testament to the financial implications of a breach and underscore the urgency of fortified data security and proactive breach response strategies.
Questions to consider
On a final note, consider the following questions if you find yourself uncertain about reinforcing your cybersecurity defences to safeguard against forthcoming breaches and attacks:
- What measures or remedies will guarantee your protection against a comparable breach?
- How do you plan to avert a recurrence of this incident?
- Who will oversee security alerts, monitor detection systems and firewall logs and be accountable for responding?