Wednesday, September 3, 2014

Will You Throw Up When Your Security Incident Hits The Evening News?

Reporting Security Breaches: Back in 2003 and Now. What's changed?


By Ed Higgins

In 2003, an article was posted that presented a hypothetical university security incident in which hundreds of thousands of historic student records and payment card information were compromised. The systems were in place (although nothing is 100%), the personnel were trained, but the study suggested that the university was not prepared to address the public when the story broke on the 6pm Evening News.

So, what has changed? Have laws and regulations been prescriptive enough to educate businesses, universities, and other establishments on their requirements to disclose the incident to the public?

Do entities know what to do when "it" happens? How to notify the victims? Do you notify the victims? You can't really hide it from the public and keep it private, can you? Did you know that for several years United States laws, such as California SB-1386, have mandated disclosure of a security breach to potentially affected victims? No more head in the sand....


The depth and speed at which cyber crimes occur have changed significantly. Where attacks were formerly a form of crash-and-dash, today's cyber criminals operate more stealthily, with better tools, performing significant reconnaissance before they strike. No longer about fame [the notoriety of spray-painting a web page], these criminals carry out well-planned, focused, and financially motivated attacks, striking at the perfect moment.


The key to adequate incident response today is speed to identify, stop, and address the situation, often using outside private investigators for independence as well as competence in the subject matter. This all has to happen much, much, much, much faster than in the past. Bureaucratic organizations, move aside!

Based on studying the incident response processes and situations during real-life actual incident investigations with hundreds of clients, I would suggest that we have a lot of work to do. We kinda need to reinvent our incident detection and response processes.


I hope you enjoyed this article, and I hope it was helpful.  


Until next time, "Watch Out For Yourself".

Ed