
The 4 Steps You Need to Take to Respond to a Data Breach

February 18, 2022

With privacy regulations, threat scenarios, and legislation governing data breach response constantly changing, many organizations struggle to define and follow a consistent, defensible incident and breach management process. Rather than constantly adjusting a response plan based on the latest breach or regulatory announcement, organizations should look to underlying guidance and established best practices.

Exterro has developed a four-step breach response framework based on the principles articulated by the National Institute of Standards and Technology (NIST).

  1. Prepare for potential cybersecurity incidents
  2. Detect and analyze potential incidents to determine the best response
  3. Contain, eradicate, and recover from the impact of the incident
  4. Document and learn from the incident

Even better, these four steps don't need to be conducted manually. Technology can help. The Exterro Quick Guide to Data Breach Response lays out the key technology components you need in your data breach response solution to make sure you're effectively managing the risks posed by cybersecurity incidents.

Step One: Preparing for Cybersecurity Incidents

In today’s threat environment, there’s no question of “if” incidents will happen. It’s a question of “when.” The goal of preparation is to understand what types of incidents might occur and determine what steps need to happen and who needs to be informed, so your technology platform can automatically execute the appropriate workflow once it is triggered by an incident report.

To do this effectively, you need to have several technology capabilities, including:

  • High-level overviews and granular reporting on incidents
  • The ability to initiate automated, customizable workflows
  • Process management and secure communication across multiple internal and external teams and stakeholders

Step Two: Detecting and Analyzing Cybersecurity Risks

Next, organizations must detect potential incidents, assess what has happened, and understand the scope of the event. Based on the analysis, multiple potential workflows may be triggered to collect and analyze incident information, while also notifying legal, IT, and other internal and external stakeholders of the event in a manner that maintains the organization’s ability to assert privilege over conversations with counsel.

To effectively detect and analyze risks, your technology solution must be able to:

  • Automatically review and assess incidents and trigger remediation steps
  • Define role-based responsibilities and communications in the workflows

Step Three: Containing, Eradicating, and Recovering from Cybersecurity Incidents

Once an incident has been detected, organizations’ goals shift toward limiting its impact, eliminating the problem, and remediating any damage that has occurred. The technology must be able to collect evidence, understand the governing regulations and the organization’s notification responsibilities, and provide consolidated reporting so legal and IT can make informed decisions about how to respond to the incident.

To ensure you’re able to contain and eliminate cybersecurity threats, you want a technology that can:

  • Capture evidence relating to the incident in a central repository
  • Understand the level of severity of the incident and respond accordingly
  • Offer visibility into regulatory obligations

Step Four: Documenting Compliance with Cybersecurity Regulations

Once an incident has been resolved and remediated, organizations need to document their compliance with regulatory requirements. To facilitate compliance, a technology solution should maintain an audit log of all incidents and activities undertaken in response, allow legal and IT teams to review and track incidents and responses in the system, and analyze and report on regulatory compliance and the risk associated with an incident. Equally important, incident response reporting helps organizations learn from cybersecurity incidents and respond more effectively in the future.

Make sure your breach response solution has the following capabilities:

  • Provide full audit trail reporting
  • Demonstrate the defensibility of your response process
  • Provide legal teams detailed visibility into all reported incidents and actions taken

Download the Exterro Quick Guide to Data Breach Response to learn all of the technology capabilities you should look for in an incident and breach management solution.
