29 Aug 2011

How to handle a security breach

A number of recent, high-profile breaches have put the spotlight on IT security.

In the most publicised case, Sony’s PlayStation network was compromised by the hacking group ‘LulzSec’, with thousands of user emails and passwords released. In Australia, NBN provider Platform Networks was successfully targeted by ‘Evil’, an unemployed truck driver and self-taught hacker.

Other wounds have been self-inflicted. Online storage service Dropbox, for instance, was a victim of its own programmers, who accidentally permitted anyone to log in to any account without a password.

What these events underscore is the widening array of digital threats – from politically motivated groups, to lone operators without formal training, to internal mis-administration.

Each has potentially disastrous effects: from complete operational disruption (if the hacker in question is vindictive enough) to reputational destruction.

With that in mind, we thought we’d focus on crisis management – on the question of what you should do if your business is the subject of a security breach.

1. Have a plan ready to go. Getting hacked can be a dramatic event. Having a pre-existing set of guidelines, developed in the cold light of day, will limit the decisions that have to be made in the heat of the moment. Outline the process your business will follow, and, importantly, understand what legal requirements you’re subject to under the Privacy Act.

2. Stop the attacker. How you do this depends, of course, on the nature of the breach and how you’ve come to know that it’s occurred, whether the hacker still has access to your system, and whether they may have compromised other areas of your network.

3. Understand what’s been compromised, and how. This can be laborious, and may require outside help. But if you’re not certain how the attack succeeded, it’s difficult to prevent it from happening again.

4. Inform your customers. In terms of its business impact, this is the most important part of handling any breach. A 2010 Symantec study found that customer turnover was the biggest cost associated with a data breach. It also found that most businesses overreact when customer data is breached – quickly informing their customer base at large, rather than waiting to concentrate on customers who’ve been directly affected.

How you choose to react is a judgement call. If you want to involve police, the Office of the Australian Information Commissioner recommends being careful not to compromise police investigations by making the details of the hack public too early.

5. Once you’ve gone public, keep the information flowing. A certain amount of reputational damage is likely to be unavoidable in the wake of any public announcement of a breach, but failing to provide up-to-date information to customers and media will only compound the damage. Remember that your business will be judged as much on how you respond to the ‘hack’ as on the ‘hack’ itself, if not more so.

Of course, the key to defending against security breaches in the first place is to act before they occur.

There are many applications, services and devices that can help to stop intrusions on your network and proactively search for breaches as they occur. At Brennan IT, for example, we offer SecureView, which provides real-time visibility of network threats.