As much as I dislike when people overdramatize serious situations, I do believe that it’s not a matter of when will someone try to attack your digital assets, it’s a matter of how ready you and your business are when it happens.
Over the course of the past 12 months we have had public breaches stealing the headlines on a weekly basis. The woes of U.S. retailer Target come to mind, so does Sony – and Sony again – for that matter. A lot of people believe that this is because there is an increase in cyber-attacks; others say disclosure laws are revealing breaches that would previously have been swept under the carpet.
It doesn’t really matter; the reality is breaches are happening. Whether a tired employee forgetting his laptop on the train commute home, or being the victim of a complex cyber-attack, the fact is you’re going to have to deal with data breaches.
None of this is helped by the fact that more and more assets are moving to the digital realm. You don’t need to break into a bank vault to empty it, all you need to do is find a chink in the bank’s digital armor. What makes the attacks more brazen is the fact that the perpetrator could be sitting in a different country, governed by different laws, knowing that if they are sufficiently skilled, there would be no forensic trace that would stand up in court. Furthermore, the motivation is irrelevant – the attackers could be driven by politics, money or because the voices told them to do it. That tired employee we mentioned earlier doesn’t need to forget a large folder full of documents: A lost MicroSD card the size of your fingernail could contain everything needed to drive a profitable business firmly into the red.
The fact is, your organization’s data (read “wealth”) will be out there for all to see. A focus on prevention is very important, but so is recognizing that you can’t prevent all breaches. You also need to be prepared to deal with a breach when it does happen. How well you’ve prepared will determine the following three critical factors:
- How fast you can identify that you’ve been breached;
- How much data you’re going to lose and how much damage results;
- How fast you can recover and get back to business.
Please visit my LinkedIn blog, where I outline the three fundamental steps you must take to ensure that that your organization can identify breaches, minimize losses, and recover back to full business.
If you are looking for silver bullets, look elsewhere. What you will find here is a lot of good sense driven by experience. And good sense says that more preparation can save you from catastrophic repercussions following a breach. It’s not in my nature to make biblical references, but it is worth noting that Noah built the Ark BEFORE the rain.