on 03-Jun-2014 17:00
According to CNN Money, almost half of all the adults in America have had their personal information exposed in the past 12 months. This includes information like debit/credit card numbers, passwords, phone numbers, email addresses, birthdays, physical addresses, etc. You've seen the headlines. And you've probably wondered what life is like for those poor souls who have to clean up the mess of having their personal information stolen. Well, the reality is, if you haven't already had your information stolen, just wait...you will.
Here are a few recent examples of companies that experienced data breaches:
These are just a few of the many, many recent examples I could list. And they highlight an interesting point: is the bigger problem the fact that the data breach happened or is it the way it was handled after it happened? The Institutional Shareholder Services (ISS), a prominent proxy advisor group, said one of these companies "should have been aware of, and more closely monitoring, the possibilities of theft of sensitive information" and they advised stockholders to vote out 7 of the 10 members of the company's board. The CEO of that organization has already resigned. Would the CEO still have a job if he had handled this problem differently? Maybe, maybe not.
The fact remains that it's important to know what you are going to do in a cyber attack situation. If you are a company that collects and stores personal information on your customers, you need to have a plan. You certainly need to protect your customers' information as much as possible, but you also need to know what you will do when that information is stolen...because chances are really good that it will be. This seems like a defeatist attitude, and it's one that I don't personally like to have. But, unfortunately, it's the truth.
I won't outline a fully exhaustive data breach plan here, but I will mention a few important things to consider. By the way, I took some of these ideas from a DDoS playbook written by F5's own David Holmes...so, thanks David!
The last thing I'll say is probably the most important: practice your plan!! Set aside some time to run through your plan with all the appropriate stakeholders...I guarantee it won't go as smoothly as you want the first time around.