In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans.
Industry-wide best practices for incident response are well established. “In general, you want breach responses to be fairly timely, transparent, communicate with victims in a timely manner, prevent further harm to victims as best as they can do that, and tell stakeholders what they are doing to mitigate future attacks,” says Roger Grimes, data-driven defense evangelist at KnowBe4.
However, as former heavyweight fighter Mike Tyson once said, “Everyone has a plan until they get punched in the mouth.” In other words, when a company gets hit with a serious data breach, the best-laid plans often go out the window.
More Stories
Friday Squid Blogging: Squid Game Season Two Teaser
The teaser for Squid Game Season Two dropped. Blog moderation policy. Read More
Clever Social Engineering Attack Using Captchas
This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually...
US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities
In its fourth annual report, the US Cyberspace Solarium Commission highlighted the need to focus on securing critical infrastructure and...
Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable
A new report by Check Point Software highlights a significant increase in cloud security incidents, largely due to a lack...
Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions
The bank giant and Quantinuum trialed the first application of quantum-secure technology for buying and selling tokenized physical gold Read...
This Windows PowerShell Phish Has Scary Potential
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who...