Afterword

In little more than a decade, data breaches grew from a nameless problem to a pervasive, insidious epidemic. Today the number of breaches is overwhelming, especially considering that many breaches are never publicly reported. Data breaches affect our economy, drain resources, and damage the reputations of otherwise highly functional organizations. Every organization on the planet is at risk of a data breach, and therefore it is critical that we develop effective, scalable tactics for managing them.

The purpose of this book is to establish a practical, lasting foundation for data breach management. Along the way, we studied real data breaches, identified critical decision points, and provided lessons learned.

Key takeaways from this book include:

  • Data = Risk (Chapter 2, “Hazardous Material”): Storing, processing, or transmitting data creates risk for an organization. The most effective way to reduce your risk of a data breach is to minimize the data you collect and to carefully control what remains.

  • The Five Data Breach Risk Factors (Chapter 2): These five general factors influence the risk of a data breach: retention, proliferation, access, liquidity, and value.

  • A Data Breach Is a Crisis (Chapter 3, “Crisis Management”): Every crisis is an opportunity. It’s important to recognize that data breaches are crises, which have the potential for both negative and positive consequences, depending on how you react.

  • Manage DRAMA (Chapter 4, “Managing DRAMA”): In order to successfully navigate a data breach response, your organization must:

    • Develop your data breach response function.

    • Realize that a potential data breach exists by recognizing the signs and escalating, investigating, and scoping the problem.

    • Act quickly, ethically, openly, and empathetically to minimize the impact of a breach.

    • Maintain data breach response efforts throughout the chronic phase and potentially long term.

    • Adapt proactively and wisely in response to a potential data breach.

  • Breached Data Is Valuable (Chapter 5, “Stolen Data”): When breached data is exploited, it is typically used for fraud, sale, intelligence, exposure, or extortion.

  • Strategies for Industry-Specific Breach Response (Chapter 6, “Payment Card Breaches,” Chapter 7, “Retailgeddon,” and Chapter 9, “Healthcare Breaches”): Breaches involving payment card data or healthcare information are typically affected by industry-specific regulations and standards, such as PCI and HIPAA.

  • We Are All Connected (Chapter 8, “Supply Chain Risks,” and Chapter 13, “Cloud Data Breaches”): The risk of a data breach is transferred throughout our global society in a massive, complex web of suppliers, customers, and peers. As organizations increasingly move sensitive data to the cloud, the risks and rewards of a shared infrastructure become ever more apparent.

  • Exposure and Extortion Tactics (Chapter 10, “Exposure and Weaponization,” and Chapter 11, “Extortion”): In the past few years, tactics involving data exposure and cyber extortion have matured. Today, professional groups around the world engage in data exposure and extortion operations, for a variety of purposes.

  • Transfer Risk (Chapter 12, “Cyber Insurance”): Cyber insurance has given us new ways to transfer risk while fundamentally altering breach response practices.

There are many open issues to be resolved before data breach management stabilizes. For example:

  • In the coming years, more regulations undoubtedly will emerge. Ideally, the confusing patchwork of state, national, and international regulations will merge into a more unified approach to data breaches, although the complexity may become worse before it gets better.

  • Society needs to develop a comprehensive, unified definition for data breaches in order to establish standards for preventing, managing, and responding to them.

  • Effective approaches for tracking and measuring data breaches need to be developed, beyond vendor reports and news stories.

  • Standards for monitoring, logging, and controlling data in the cloud need to be defined and implemented in order to support breach response in the cloud, which is a growing issue.

We are in the infancy of an industry. This is both a stressful time and one that is full of potential. Everyone involved in data breach management right now has a voice and an opportunity to initiate positive change. This book provides a strong foundation for understanding the current state of data breaches, with the goal of helping all of us work toward a better future.
