
Best practices for prevention and immediate response to a breach

Preparing for a cyber attack involves a broad set of stakeholders within a business, and it is becoming commonplace to have experienced investigation lawyers on hand to ensure that clients recover business operations as quickly as possible, while sustaining the least amount of legal, reputational, financial, and operational damage, writes Mark Goudie.

Emma Musgrave, 21 November 2019, Big Law

Effective incident response planning begins with robust preparation and strategic thinking. While a large part of the responsibility for incident prevention lies with the client and their technical teams, businesses need to be thinking more broadly about who else from the organisation needs to be across the initial response.

In the age of regulation, organisations should ensure that experienced legal counsel is available when a data breach is first detected. This is a crucial step towards proactively building the incident response processes ahead of an incident and establishing roles necessary for responding to it.

A key role for a legal team is initially determining whether an incident involves compromise of company systems or data, and the implications of any legal or regulatory guidance such as the Notifiable Data Breach Scheme in Australia. Penalties from the Australian Information Commissioner for failing to report a breach are up to $340,000 for individuals and $1.7 million for organisations.

A longstanding challenge in this area is translating cyber security defences into language that demonstrates how an organisation is meeting regulatory expectations and legal requirements.

The industry response to this challenge has traditionally been checklists as a way for the legal or compliance personnel to translate requirements into legible terms, and for IT professionals to then translate technology into something others can understand upon review. However, this alone is not sufficient without the steps listed below, which complete an effective response strategy.

Gaining complete situational visibility

Clients and counsel must work together to ensure comprehensive visibility into the client’s electronic environment. Advanced tools like machine learning and antivirus platforms can provide continuous coverage of the environment, enabling responders to develop a timely, comprehensive, and complete narrative about the incident.

While discussions about comprehensive visibility of an organisation's network often focus on technical solutions, an experienced investigation lawyer can complement efforts to improve situational visibility across the organisation.

A legal team should coordinate with clients to proactively establish effective decision-making processes to support information flow from the technical team into the decision-making structure.

Speedy remediation

During an incident, clients want, and in many cases are legally required, to have investigations move quickly and offer insights about what mitigation strategies will be most effective. This need can be addressed by the 1-10-60 rule, where organisations should strive to detect malicious intrusions in a minute (or less), understand the context and scope of the intrusion in 10 minutes, and initiate remediation activities in less than an hour.

It is imperative that organisations can effectively remediate data breaches before attackers can progress and gain further access into a network. A thorough investigation with clear roles and responsibilities is key to enabling faster, more complete remediation.

Having a strong pre- and post-breach strategy in place

Data breaches are inevitable, and waiting for a breach to occur before designing an incident response plan is a bad idea that will ultimately cost more money due to an ineffective response.

Both technical experts and legal counsel have roles to play in helping clients identify the weaknesses and strengths of the response plan.

Technical discoveries during a response can inform both better preventative measures and proactive hunting for potential adversary activity within the client’s environment. All parties involved in response can advise development of post-breach reports that help shape future behavior. A legal team can provide essential insights to help the client prevent potential legal and reputational damage.

Mark Goudie is a services director, Asia Pacific, at CrowdStrike.

Emma Musgrave

Emma Musgrave (née Ryan) is the managing editor, professional services at Momentum Media.

Emma has worked for Momentum Media since 2015, including five years spent as the editor of the company's legal brand - Lawyers Weekly. Throughout her time at Momentum, she has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences. 

Prior to joining Momentum Media, Emma worked in breakfast radio, delivering news to the Central West region of NSW, before taking on a radio journalist role at Southern Cross Austereo, based in Townsville, North Queensland.

She holds a Bachelor of Communications (Journalism) degree from Charles Sturt University. 
