Webinar Recording: Post-mortem of a data breach

How data breaches happen? What are their business implications?

Author: F-Secure Business Security Insider
Date: 15.04.2016
Read Time: 3 Minutes

Cyber security incidents are becoming commonplace. The ramifications of these incidents are often far-reaching and long lasting, with significant impact on business, financials and reputation. If your company runs a successful business, then you may be a target.

In the webinar recording below, our cyber security experts Janne Kauhanen and Jani Kallio walk you through a recent real-life data breach we investigated. This was a textbook example of strategies and tactics used by adversaries to gain access to the data they were after, including all the steps from the initial recon-phase to the final data exfiltration to the attacker’s servers.

But maybe even more importantly, we have to look at how such attacks disrupt the business of the target company. Time and again – and also in this particular case – the same three business impacts are experienced by victims of cyber-attacks.

  1. C-level employees are always less prepared for cyber security incidents than the IT departments. Although companies frequently have a crisis management process in place, that process is almost never designed to address a cyber security incident. Although the IT department will be aware of the technical repercussions of a security incident, they are seldom aware of the far-reaching implications such a situation can have on the company as a whole.
  1. A major security incident will divert C-level focus away from day-to-day business goals for months. Between the moment an incident is deemed critical enough to involve management and the point at which the extent of the crisis is fully understood, a lot of new facts come to light. While these new facts serve to increase understanding of the situation, they also cause additional chaos to ensue. Incident clean-up and resolution can take even longer than the initial investigation. Finally, the matter will linger on both the CEO’s and board’s agenda for years to come.
  1. In the event of a major cyber security incident, the C-level are accountable and will ultimately bear the largest burden of responsibility once the chips have fallen. Very often, blame will ultimately fall on management’s inadequate risk management strategy.

We often like to ask our clients why they conduct fire drills, but not “cyber drills”. Fire drills are an important part of crisis management, and are there to make sure we all know how to react in the event of an actual fire. From the moment the alarm is sounded, the whole company becomes involved, all the way up to top-level management, who must leave their important meetings and evacuate the building with everyone else. By doing these drills, we ensure safety and business continuity. So why don’t we do the same thing for a cyber-attack? Being prepared will ensure we all know how to react when an incident does happen and how to get back to business as quickly as possible afterwards. And let’s face it, what is more likely to happen, a fire or a breach?

Check out the full recording of the webinar.

Download the “ Post mortem of  a data breach webinar ” slides or learn more at our SlideShare page.