Obsession with cyber breach notification fuelling costly mistakes Computer Weekly
Regulations such as the General Data Protection Regulation (GDPR) and the Australian Prudential Regulation Authority's (Apra's) CPS 230 standard have led organisations to become really obsessed with the 72-hour notification window following a data breach, according to Shannon Murphy, global security and risk strategist at Trend Micro.

However, this focus means many are still making common and costly mistakes when dealing with incidents.

Murphy said the lack of a formal incident response plan increases the stress on those handling such events, and consequently people are burning out. This high-pressure environment can lead to two other critical risks.

The first is evidence being damaged, destroyed or otherwise invalidated by panicked attempts to restore services as quickly as possible. The second is the human tendency to start a blame game, which can also lead to evidence being deliberately concealed or destroyed.

Having a suitable incident response plan can mitigate all of these issues, said Murphy.

She recommended having a designated observer whose sole job is to account for everything that is done in response to the breach, from both a technical and human perspective, over at least the first three days.

Key technical aspects include strategies for log preservation, such as storing logs away from the operational network, as well as establishing out-of-band communications, as the breach may have compromised tools such as Slack and Teams. The absence of a plan for such situations is likely to result in decentralised and likely informal communications.

While knowing how to deal with a breach is important, Murphy sees a growing interest in achieving long-term resilience. An analogy would be working to prevent fires from occurring as well as planning ways to put them out.

Although technologies like extended detection and response (XDR) remain important, proactive risk awareness is attracting increased attention.

The first step is identifying the organisation's crown jewels: the most operationally and reputationally important systems and data. This requires a comprehensive discovery and inventory process to identify all IT assets, not just physical items such as servers and PCs, but also intangibles including software and identities. Once an organisation knows what it has, it should check all assets for misconfigurations and remediate them in order of priority to reduce the attack surface.

This means organisations should pressure suppliers to release patches promptly for any discovered vulnerabilities. While it is still up to organisations to apply those patches, Murphy said suppliers, including Trend Micro, can provide customers with virtual patches to offer protection in the interim.

Finally, she advised organisations to validate and test the measures they have taken, for example by engaging a red team to test defences.

Murphy said Trend Micro's red teams succeed in 99% of their first engagements with new clients, but this falls to 30% in the second. By the end of the process, the success rate is less than 1%, she added, highlighting the effectiveness of iterative testing.

Although organisations have enough compute power to perform continuous security validation and build digital twins of their IT environments, there is still a tonne of value in a human red team engagement, she advised.

Murphy warned that while it is often easier to deploy and update security controls in a cloud environment, developers and marketing departments are inclined to spin up new cloud systems without involving security teams, creating shadow IT risks. Fortunately, she added, there are open-source and commercial tools that can help keep track of the IT landscape.

Preparing for and responding to breaches is not solely a job for IT and security staff. Legal, communications, executive and other teams must be involved in the process, according to Murphy.

"You've got to practise your people skills and get buy-in from other parts of the organisation," she said.

It is up to the organisation as a whole to decide between accepting the current level of risk and making changes, and realising that reduces the pressure on the security team, added Murphy.

The good news, she noted, is that boards and C-level executives are taking much more interest in cyber security than they did in the past.

In some jurisdictions, they are open to personal penalties if a breach occurs, but another motivation is that the growing sophistication of cyber insurers means organisations will only be able to get cover if they are taking the right steps, said Murphy. That should lead to better behaviour.
2025 TechTarget Inc dba Informa TechTarget
All Rights Reserved