Most data breaches seem to follow a predictable timeline. From the initial breach to the long-term recovery tactics, there’s a natural flow to the events that take place during a data breach. With an eye to these elements, you can prepare your company to handle unfortunate situations quickly and take the best possible measures now to minimize these threats.
Introduction of Malware
Successful data breaches are never detected when the hacker makes initial contact with the company. Determining the initial introduction of the malware involves working backward from the time the breach is discovered. Major retailers, like Target or TJ Maxx, are often compromised via malware in their POS systems. Emory Healthcare was hacked through its appointment system. The nature of your business will determine your weakest point. Wherever it is, you can be sure that savvy hackers will find it.
Discovery of the Breach
Data breaches may be discovered days, weeks, or even months after the initial attack, though these timelines seem to be getting shorter as companies become increasingly aware of the ever-present threat of data theft. TJ Maxx was compromised in July 2005, but it didn’t detect the intrusion until December 2006. In stark contrast, the Emory Healthcare breach is believed to have happened around the new year, and was detected promptly on January 3.
Initial Public Announcement
Public entities strive to warn the public as early as possible about data breaches, yet this is a sticky situation for everyone involved. Follow the news stories regarding any major data breach, and you’ll find that early information is drastically different from what’s revealed in final reports. While customers have a right to know that their information was compromised, it’s important to note that early estimates and initial press releases are rarely accurate regarding the scope and scale of data breaches.
Investigation and Resolution
A thorough investigation is the next step following a data breach. It can take months for IT security personnel to fully comprehend the damage done during a major data breach. Though some companies may be detecting breaches sooner, data breaches themselves are as prevalent as ever. In 2016, there were over 4,100 data breaches exposing more than 4.2 billion records.
While companies may be able to stop the leak of information quickly, full recovery from a data breach takes much longer. Following the Target data breach during the 2013 holiday season, the retailer laid off 475 employees at its headquarters, faced over $200 million in costs associated with the data breach and spent another $100 million updating its technology.
Regaining customer confidence is critical during this time. Companies must incorporate security best practices and demonstrate their commitment to preventing future attacks while simultaneously offering recovery solutions for those who were affected, to minimize the impact.
Dealing with a data breach is never a small-scale affair, but it is one that you can recover from if you’re well-prepared and act as quickly as possible. Do all you can to protect yourself now, and keep a contingency plan in place for even the most unlikely attacks on your information.