Light Dark
October 18, 2017 By David Strom 2 min read
Incident Response
Application Security
Data Protection

As more companies suffer breaches and leak private data online, it becomes harder for organizations to be transparent and establish trust with their customers. Recent incidents have shown that many experts underestimated the total impact of a data breach in terms of the actual number of users affected and the volume of data made public. Many companies take too long to notify all the relevant parties about a breach, in some cases waiting months or even years to alert the people and vendors involved. Post-breach responses tend to rely on poorly constructed websites that contain ambiguous lawyerspeak and little actionable information.

But enough of the doom and gloom — how about some positive points of action? Below are my own recommendations to help companies regain trust in the age of the data breach.

Honesty Is the Best Policy After a Data Breach

First, being transparent means being as open and honest as you can. Always tell the truth and don’t hide behind your lawyers. Sugarcoating a breach never works and can easily backfire, creating more negativity and diminishing trust.

Next, take ownership. If your IT department dropped the ball, say so. If your network was breached through a third party, be clear about that, too. If you haven’t segmented your networks properly, say that, and fix the problem as soon as possible.

While many companies may be reluctant to divulge exactly what happened, everyone makes mistakes. Admitting them and clearly explaining what happened can help breached organizations regain customer trust.

Listen to the podcast: Understanding the Media Hacks of 2017

Strengthen Policies and Passwords

Take steps to strengthen your protective policies, products and people. Firing a scapegoat isn’t enough. Instead, invest money and other resources in your security infrastructure and give the right people sufficient authority to make progress with these improvements. Don’t just add window dressing or another firewall layer. If you’ve yet to suffer a breach, you might as well assume that you will soon.

Look at your user base’s password collection and educate them about authentication protocols, single sign-on (SSO), phishing and whaling attacks. Poor password choices are still the easiest way for fraudsters to enter an enterprise. All it takes is one highly placed employee with a weak password and it’s game over. I recently attended a Penn & Teller magic show that featured a segment that makes fun of poor password choices. It’s high time we fixed this problem.

Related: 2017 Ponemon Institute Cost of a Data Breach Study

Trust Takes Time

Finally, it’s crucial to realize that information security is a journey, not a destination. Put these practices in place and strive for continuous improvement, not just a one-time quick fix. Make sure you have management buy-in to gradually improve your security posture. Trust takes time, and these are just a few of the many methods to accumulate it.

 |  |  |  |  | 
David Strom
Security Evangelist

More from Incident Response
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

March 6, 2024

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature