Government // Cybersecurity

11:34 AM
Claire Giordano
Claire Giordano

5 Tips On How To Prepare For A Data Breach

If you are a financial institution your cyber security defenses will be breached -- again and again. Here are five tips to respond quickly and minimize damage.

Stealing credit card and financial data is a profitable business. Everyone has seen headlines about breaches at Sony, Target, USPS, and JPMorgan. With JPMorgan Chase, personal information for 83 million customers was stolen. The recent attack at Sony Pictures is a stark reminder that the theft of IP is a real possibility — and the recent FireEye FIN4 report characterizes activities of a group that has been infiltrating Wall Street to steal confidential information on business deals and financial markets.

Once you assume that your enterprise will be breached despite even the strongest security team and the best defenses: it’s time to get ready. Here are five tips on how to prepare for a data breach.

[3 Ways Insurance Marketers Can Navigate the Technology Maze]

It’s important to create an incident response plan in advance, before a breach occurs. It cannot be an afterthought. Your organization will need a command center, established decision makers, and powerful investigative tools. You’ll need data to do the forensic analysis—so you should be collecting network traffic data now, in advance. And key to your brand and reputation is: what is your communication plan? Who do you need to notify? What will you tell board members? What will you tell customers?

The military uses war gaming techniques to prepare for battle, and many corporations use dry-runs to improve skills. Adopt these approaches. Simulate cyber attacks to find holes in your incident response. You shouldn’t be executing your plan for the first time when your business is under attack. And while you may not be able to prevent all breaches, you should be diligent in your efforts to reduce the human errors that make it easier for cybercriminals to gain access. Make sure your security patch management is a well-oiled machine, and that your process for cutting off lost employee devices is swift and immediate. One way criminals skirt defenses today is to steal an employee’s credentials via a sophisticated spear phishing attack. The time may have come to adopt two-factor authentication to mitigate the impact of stolen password credentials.

Read more tips on Wall Street & Technology.

Claire Giordano is Senior Director of Emerging Storage Markets at Quantum, focused on cybersecurity, geospatial, and other demanding government workflows. Ms. Giordano has over 20 years of experience in product management and engineering, and earned an Sc.B. degree from Brown ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/26/2017 | 6:47:18 AM
Pending Review
This comment is waiting for review by our moderators.
User Rank: Author
12/29/2014 | 4:09:39 PM
Re: My main concern is the successful attack at JP Morgan Chase
Good points, Ulf. The attack on JP Morgan is definitely a wake-up call to the industry and an indicator that businesses need to tighten their data security. I think locking down the data is the right way to go - you're right, attackers will always be finding successful ways to get around defenses.
Ulf Mattsson
Ulf Mattsson,
User Rank: Apprentice
12/22/2014 | 12:24:11 PM
My main concern is the successful attack at JP Morgan Chase
The largest US bank lost personal information of 76 million households and it took several months to detect.

I'm also concerned that the U.S. power grid could be shut down.  

Unfortunately, current security approaches can't tell you what normal looks like in your own systems and the situation is getting worse according to Verizon. Verizon is reporting that this a growing issue. Less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report by Verizon.

Attackers will always figure out how to get around defenses, so you need to lock down the data that they want to steal.

So we need to protect our sensitive data itself with modern data centric security technology. As consumers, we must demand better protection from the companies we do business with. 

Ulf Mattsson, CTO Protegrity
Register for Insurance & Technology Newsletters
White Papers
Current Issue
Insurance & Technology Digital Issue
Innovation? Check. Core modernization? Check. Security? Check. Today's insurance IT challenges don't stump this year's Elite 8.