According to the Identity Theft Resource Center, the number of data breaches jumped 68 percent in 2021 — setting a new record with a total of 1,862 events.
To IT security experts, the numbers aren’t surprising. Bad actors use extremely sophisticated methods to target sensitive data, and malicious attacks have become a prominent concern over the past several years for both government and private entities.
To respond to a data leak, start with a careful assessment of the leaked data and the attack vectors that compromised your system. Here’s a quick guide.
1. Audit to determine the extent of the data leak.
When data breaches occur, it’s imperative to identify whether personally identifiable information (PII) was compromised — and if so, to what extent.
Some breaches don’t expose PII to bad actors, but unfortunately, that’s not always the case. Stolen information often ends up on the dark web, available for purchase to identity thieves. Your data leak response plan should include a thorough audit of dark web resources to determine whether your company’s data is directly available. Auditing the breach can also identify the attack vectors used to compromise the data.
Regular audits are helpful even if your company hasn’t identified an active leak. Unfortunately, the vast majority of companies do not detect data breaches until the leak has been identified by third-party sources (such as news reports or law enforcement notifications). According to a report from Mandiant Consulting, the average time between the initial data leak and its discovery is about 146 days.
Datarecovery.com can help your organization identify breaches by using proprietary methods to search for data on the internet and the dark web. Contact our forensic experts at 1-800-237-4200 to request more information.
2. Follow your state’s reporting laws for significant data breaches.
All 50 states require entities to notify affected individuals of the unauthorized acquisition of PII. In most states, notifications must be sent within a reasonable time frame — usually 30-60 days.
Check your state’s data breach notification laws after fully auditing your breach. Depending on the nature of the stolen data, you may face significant civil penalties for failing to report the issue.
3. Create a data leak response plan.
In addition to auditing and reporting the data breach, your organization will need to form a full response plan before returning to business as normal. Some quick tips for developing a strategy:
- Designate responsibilities and set clear goal outcomes. Include managers, technicians, business partners, your legal team, forensic experts, and any other individuals who will play a role in addressing the breach.
- Identify the compromised systems and set a timeline for restoration of service.
- Engage in penetration testing (or pen testing). Pen testing services attempt to infiltrate your system using common vectors of attack. Datarecovery.com offers pen testing with remediation guidance for enterprise-level systems.
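Don’t access the affected systems until you’ve fully audited the breach. To ensure an accurate forensic analysis, do not turn the systems off or attempt to address the issue without expert guidance. Powering a system down discards volatile evidence, such as the contents of memory, that investigators may need.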
4. Work with forensic experts from day one.
Data breaches can harm your brand, and responding to a leak can be expensive. Forensic experts can help you control the price of the project by accurately identifying weaknesses in your security controls and protocols.
Datarecovery.com offers essential resources for finding leaks, improving storage redundancy, and creating long-term strategies for security maintenance and disaster recovery. We work closely with your team to ensure that the threat is accurately identified, contained, and addressed — improving business outcomes and reducing your future risks.
From data leak monitoring to threat identification and penetration testing, Datarecovery.com can help your organization form a response plan. Learn more by contacting our team at 1-800-237-4200.