
Applying best practice identification to prepare for Notifiable Data Breaches

05 Feb 18

With amendments to the Privacy Act coming into effect from February 2018, Australian organisations need to be ready. Although the Notifiable Data Breach scheme focuses on an organisation’s ability to comply with their response obligations, those organisations with a comprehensive cyber security program that addresses incident identification will put them in a good position to also understand "what happened?" in the case of a breach.

While data breach impacts vary across organisations, the latest Ponemon ‘Cost of a Data Breach’ report found that the average total cost of a data breach to an Australian organisation reached $2.51 million, with the average cost per lost or stolen record at $139.

From February, this risk will be even more quantifiable for organisations, as penalties loom and organisations are required to disclose, and therefore investigate, breaches.

The Notifiable Data Breach (NDB) scheme will mean businesses could be facing penalties of up to $360,000 for individuals and $1.8 million for body corporates, if they are not compliant with the legislation, not to mention the additional risk of reputational damage to both businesses and individuals.

Although the prominence of breaches is at an all-time high, the average time for an Australian organisation to identify a breach is still 175 days. However, to meet the requirements of the NDB scheme, if an organisation is aware that there are reasonable grounds to suspect that it may have suffered an eligible data breach, it must carry out a reasonable and expeditious assessment of that suspected breach within 30 days.

With this in mind, it is clear that organisations need to focus on bringing down the number of days it takes to identify a breach, so each can be efficiently investigated and contained.

As speed of detection and response is critical, organisations ultimately need technologies and processes to help identify a breach as soon as possible. 

This includes deployment of cyber security analytics technologies to collect information that help to both detect incidents as well as quantify the scope of damage.  While the NDB may be new, many mature organisations already have a range of technologies in place to help address these requirements.

However, the NDB amendments to the Privacy Act are likely to drive those organisations to assess and adjust, or simply reinforce the need to fund or establish new practices which will better secure and protect consumer data.

Best practices for identifying a breach

1. Data is critical for analysis

If the first challenge is to identify a breach event, the next is to understand the scope of damage. A comprehensive cyber security capability that governs and monitors access to personally identifiable data will provide the best opportunity to gain attack insights.

Armed with the data, analytical processes can be applied to help understand the breach impact, and therefore the scope of notification required.  Such insight can then be used to prioritise new cyber security practices that specifically address the vulnerability. 

In addition, mature cyber security analytics tools draw on global threat intelligence to understand whether an attack is related to others.  If an orchestrated response process is initiated, it is the data discovered during this phase that will help to drive the incident response process toward a timely conclusion, and thereby minimise the impact to the organisation’s reputation.  

2. Learn from the experiences of others

They say there’s no such thing as a new idea, and the same is arguably true of a cyberattack. Most attacks make use of exploits that other organisations have been subjected to in the past.

By being aware of common attacks, organisations can be on the front foot to identify any weaknesses in the capacity to detect or protect against such issues.  

Just as organisations assess software vulnerabilities and put remediation in place to avoid exploitation, they should ensure that cyber security teams are aware of the common, publicly known exploits that may expose the organisation to threats.

3. Evaluate the value in what you have, and what you might have lost

Given the average time it takes to discover a breach, investigation relies on historical data that may have been archived.  This will make it difficult for organisations to understand whether a serious breach occurred, and subsequently the scope of damage.

Organisations should focus on the identification of the repositories that store and transmit customer data. Refining collection down to a distinct set of systems will help to manage the data that’s needed to ensure efficient investigation for when an incident becomes known. Such an approach ultimately leads to improved detection and containment times.

The NDB scheme covers the steps required to be completed in the aftermath of a breach. While it’s true organisations should do everything within their power to ensure their organisation, and their customers' data, is secure, they should also be mindful of the “what ifs”.

Having the means to identify a breach gives organisations a chance to quantify, and may even prevent, serious damage. Containing a breach as quickly as possible will also help to reduce the cost.

Following best practice not only for defence but also for detection helps organisations approach their cybersecurity setup holistically. Where a hacker has successfully taken advantage of a vulnerability, the saving grace may be in detecting and identifying those activities as soon as possible to best contain the damage.

Article by IBM Security Australia CTO Chris Hockings.
