Containment, Communication, and Remediation: The 3 Keys to a Breach Response

4 years ago Irfahn Khimji

The number of U.S. data breaches reported in 2021 increased dramatically over the preceding year. As reported by the Identity Theft Resource Center (ITRC), there were 1,291 data breaches between January 1, 2021 and September 30, 2021. The volume beat out the 1,108 breaches detected over the course of Full Year (FY) 2020. It’s therefore not surprising that data compromises year-to-date (YTD) were up 27% last year compared to FY 2020.

The Myth of “Too Small to Fall”

Looking at the above statistics, small- to mid-sized businesses (SMBs) might think they aren’t big enough to be caught in attackers’ crosshairs. But that’s not the case. SMBs suffer data breaches all the time. In its Data Breach Investigations Report (DBIR) 2021, for instance, Verizon Enterprise revealed that SMBs had suffered 263 data breaches in 2021. That was just slightly fewer than the 307 data breaches experienced by large organizations.

These findings raise an important question. What are some steps that small businesses should take in the event they suffer a data breach?

Understanding Breach Response

Breach responses typically center on three main categories: containment, communication, and remediation.

Containment

The first thing to do is to take a deep breath and understand the scope of the breach. Was it an external party that notified you, or was it something you identified internally? Getting hit with ransomware is a little more of an abrupt notification than a third party reaching out and letting you know that your systems were compromised. 
 
Either way, the next thing to do, often in tandem with the first, is to notify your local law enforcement agency. Depending on the country and jurisdiction of your business, there are various data breach reporting laws that must be adhered to. As part of this, law enforcement agencies can often help to investigate the scope of the breach and to try to track the criminals behind the attack.
 
If your local law enforcement agency does not provide this service, you would need to look at hiring an expert consultancy to help with the identification and containment. This is often a costly but necessary service in the event of a severe breach, so having something like cyber insurance or an amount set aside can help to prepare for this.

Communication

The next thing to do is to communicate to your customer base that there was a breach. Businesses often worry that they will lose customers if those customers learn of a breach. But a data breach does not need to sink an organization’s stock price, especially not over the long term. Organizations can work to repair consumer confidence following a security incident. Per Harvard Business Publishing, one of the ways they can do that is by being upfront with what they did to prepare for this type of incident and explaining how they’re making further security improvements for the future. You will not know all the details immediately, but early communication is key. Let customers know that there was a breach, that it is being investigated, and that more details are forthcoming. Further communication can then be sent once the breach is contained, the amount of data loss is known, and the plans for remediation and compensation are in place.

Remediation

Finally, steps need to be put in place to remediate the breach. This includes fixing whatever caused the breach and looking at what processes and procedures are in place to detect and reduce the likelihood of this occurring again. The business needs to weigh the cost of the breach against the cost of implementing mitigating controls. The containment process described above can be costly and time-consuming, and it can move the focus of the business away from its primary function for a period, resulting in lost revenue for the organization. So this cost comparison might even be something to consider prior to going through a breach.

Shift to Prevention

SMBs can use the three steps discussed above to respond to a data breach. Before that, however, they can work to prevent a data breach from occurring in the first place. The prevention steps can include things like having an up-to-date asset inventory as well as ensuring that the systems are up to date on security patches and configured securely. Users should have multi-factor authentication (MFA) set up and be trained to look out for things like phishing attacks, to help keep the organization secure against potential security incidents. These simple measures will help to reduce the likelihood of a breach recurring or, if done early, of a breach occurring in the first place.

The post “Containment, Communication, and Remediation: The 3 Keys to a Breach Response” appeared first on TripWire.

Source: TripWire – Irfahn Khimji
