there are concrete steps which can be taken to substantially reduce the overall cost of a successful data breach, but the first step is to finally decide to take action
New York, NY (PRWEB) June 10, 2013
With the recent release of the Symantec-sponsored eighth annual industry study, the 2013 Cost of Data Breach Study conducted by the Ponemon Institute, there was one point in particular that should be on the minds of business decision-makers everywhere: what actions can significantly drive down the potentially crushing costs of a successful data breach. Global Digital Forensics (GDF) founder and CEO/CTO, Joe Caruso, has been on the front lines of the cyber battleground for corporations and businesses since the infancy of the Internet. “I’m so glad it was spelled out explicitly in black and white right there in the executive summary and not lost in a mountain of statistics and numbers, because there are concrete steps which can be taken to substantially reduce the overall cost of a successful data breach, but the first step is to finally decide to take action, now, before the costly aftermath of a successful breach wreaks havoc on your business,” he said.
The statement in the study Caruso was referring to was this: “Factors that decrease the cost (of data breaches). US and UK companies received the greatest reduction in data breach costs by having a strong security posture, incident response plan and CISO appointment. The US and France received the greatest cost reduction from the engagement of consultants to support data breach remediation.”
The costs to businesses stemming from even one successful data breach can be immense.
“A successful data breach can hit a company on many fronts,” Caruso said. “First there is the cyber espionage factor. Competitors and other corporate enemies may get their hands on valuable intellectual property, like design plans, manufacturing secrets and the like. Calamity is a weak word to describe what happens when a competitor beats you to market with your own ideas, processes and procedures.”
“Then there is the trust factor. Clients, vendors and investors can be a fickle bunch. When you’ve been compromised, they’ve been compromised, and unless you can prove to them you were not sleeping at the wheel and took every measure possible to protect them and their data and quickly identified and thoroughly rectified the problem, they’ll just hop over the fence to that competitor’s pasture, which in their mind must be greener. But with the right approach, you'll find even this fickle bunch are not totally unreasonable regarding the realities of cyber security.”
“Next up of course is cold, hard cash, yours and everyone else that may have trusted you with PII (Personally Identifiable Information), like account numbers, Social Security numbers, or anything else that could help an attacker commit theft and/or fraud, and this certainly does circle the wagons back to the trust issue in a hurry.”
“Then, to wrap it all up with a nice big bow, you’ve also got regulatory agencies to deal with, and the teeth of sanctions and fines they can bring to bear. Add it all together, and that’s how you get to numbers hovering around $200 per record breached, and that’s a hefty number when a typical breach can include thousands upon thousands of records.”
The big three: a stronger security posture, an emergency cyber incident response plan and a CISO.
“The study is right on the money regarding what organizations need to do in order to financially survive a data breach and its aftermath, and we help clients on all those fronts. We start with a thorough cyber threat assessment which takes into account a client’s unique needs, digital architecture and data work flow, reviewing policies and procedures, and helping them strengthen them, or create them from scratch if none are present. The threat vectors that are problematic for one industry or organization may not be a high priority for another. Our broad expertise lets us tailor the assessment to illuminate the right problem areas for any client.”
“Next is our comprehensive penetration testing, which is basically us taking the role of real-world hackers and trying to infiltrate the network using a wide variety of tools and techniques, from social engineering strategies, to sophisticated phishing and spear phishing campaigns. We have many tradecraft tricks up our sleeves, just like real hackers do, and so far we have never failed to compromise our target. Our successes will only help to spotlight weakness in the client’s cyber security posture so they can be significantly improved, but a real hacker’s success could cost the client everything.”
“Emergency incident response is next on tap, and is probably the most vital piece of the data breach puzzle. Our extensive experience in network forensics and security, as well as our ‘No Retainer Policy’, make it both cost-effective and simple to ensure your organization has a response team standing by to handle the problem, mitigate the damage and ensure regulatory compliance, all with absolutely no downside or unnecessary expenses. It just doesn’t get any easier than that to have professional, experienced assistance you can rely on in the event the unthinkable happens. Experienced emergency responders can also help businesses avoid the extremely costly pitfalls of "over-notification" by helping to quickly determine exactly which records were compromised and exactly who should be notified about the event, because as with most things in life, unnecessary excess typically doesn't lead to a happy ending.”
“We will also work with the client, if necessary, to help them identify an internal CISO (Chief Information Security Officer). In today’s digital age, it is imperative to fill this role, either internally, or with a competent and knowledgeable outside vendor. We will also help create a matrix of CISO responsibilities, escalation procedures and emergency guidelines to ensure the right steps to be followed and maintained going forward are clearly spelled out.”
To survive and thrive in the digital arena and reduce the potentially debilitating impact of successful cyber intrusions and data breaches, the decision to take control of cyber security responsibilities and emergency incident response is both crucial and necessary. So don’t wait until it’s too late to get started; call Global Digital Forensics today.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.