The life cycle of a data security incident begins and ends with preparation.
Unfortunately, there is no such thing as a network or system with “zero vulnerabilities.” There are jokes about absolute network security, including that the only secure network is one without users or one with no access. There is no perfect code, no perfect software, no perfect hardware, and even the most well-intentioned user can be socially engineered. Consequently, preparation at all levels of information security is critical to protect businesses from catastrophic attacks.
According to the National Institute of Standards and Technology, there are four phases of a data security incident: (1) Preparation before an incident occurs, (2) Detection and Analysis, (3) Containment, Eradication, and Recovery, and (4) Post-Incident Activity, which is essentially steps taken to ensure – as much as possible – that a similar incident does not occur in the future.
In other words, both the first and fourth phases entail taking steps to avoid a future data security incident. As a former FBI executive in charge of the data presentation and storage for the agency’s operational missions, my daily question was, How much preparation is enough? Businesses face the same daily question: What level of cybersecurity is enough to prevent or thwart an attack on our computer systems? I found that the best question to ask myself was, What would it take to prevent or thwart the most likely attacks on our computer systems?
In preparing to defend against a network attack, I found external sources of expertise to be very helpful. Instead of looking inward for answers, we invited outside professionals to thoroughly assess our cybersecurity posture by showing us our weaknesses and deficiencies. As capable experts, they were able to point out many areas for improvement, such as hardware, software, networks, and training. As we made changes to our digital environment and training regimen, we also reviewed, edited, and drafted policies and protocols to protect our data. We then tested these internal rules and guides by engaging in internal table-top exercises. All of that helped to emphasize the importance of preparation in defending against the inevitable cyber attack.
Many businesses struggle to identify the best means of preparation against cyber attacks. Some businesses may need the proactive services of technical experts who can scan for vulnerabilities, test for intrusion vectors, provide cyber training, or design and install new systems built around the concept of security as a pillar, not as an add-on. Other businesses may require proactive services focused on new security and data handling policies and protocols along with tabletop exercises for management and staff. These measures help businesses identify security issues with the collection, processing, and management of sensitive data, such as personal information and protected health information. Other businesses may want an assessment of their internal systems, in addition to policies or protocols, to help them better prepare for a data security incident.
For every business, the need for preventive services can vary by size, industry, regulations, unique workflows or objectives, and general operations, among other factors. Each business will define its level of preparation differently. Professionals in the field of data privacy and information security know that when a business questions the sufficiency of its cybersecurity posture, the response should always be tailored to the client’s specific needs.
No matter the size or business sector, the Constangy Cyber Team can develop solutions tailored to your organization’s unique needs. Contact us today at cyber@constangy.com for support with incident response planning and practical ways to mitigate your security risks.
- Partner
Jason is a member of the Constangy Cyber Team. He provides legal counsel and representation on a variety of data privacy issues, including the identification of protected-data, application of statutory requirements for specific ...