08:30 AM
Claire Giordano

5 Tips On How To Prepare For A Data Breach

If you are a financial institution, your cyber security defenses will be breached -- again and again. Here are five tips to respond quickly and minimize damage.

Stealing credit card and financial data is a profitable business. Everyone has seen headlines about breaches at Sony, Target, USPS, and JPMorgan. With JPMorgan Chase, personal information for 83 million customers was stolen. The recent attack at Sony Pictures is a stark reminder that the theft of IP is a real possibility — and the recent FireEye FIN4 report characterizes activities of a group that has been infiltrating Wall Street to steal confidential information on business deals and financial markets.

Once you assume that your enterprise will be breached despite even the strongest security team and the best defenses, it’s time to get ready. Here are five tips on how to prepare for a data breach.

It’s important to create an incident response plan in advance, before a breach occurs. It cannot be an afterthought. Your organization will need a command center, established decision makers, and powerful investigative tools. You’ll need data to do the forensic analysis—so you should be collecting network traffic data now, in advance. And key to your brand and reputation is: what is your communication plan? Who do you need to notify? What will you tell board members? What will you tell customers?

The military uses war gaming techniques to prepare for battle, and many corporations use dry-runs to improve skills. Adopt these approaches. Simulate cyber attacks to find holes in your incident response. You shouldn’t be executing your plan for the first time when your business is under attack. And while you may not be able to prevent all breaches, you should be diligent in your efforts to reduce the human errors that make it easier for cybercriminals to gain access. Make sure your security patch management is a well-oiled machine, and that your process for cutting off lost employee devices is swift and immediate. One way criminals skirt defenses today is to steal an employee’s credentials via a sophisticated spear phishing attack. The time may have come to adopt two-factor authentication to mitigate the impact of stolen password credentials.

To fully investigate a cyber attack, you need to be able to look back in time and figure out what happened: how did the attackers get in the door? Did they move laterally across systems? What did they take once they got inside? Every day in the investigation costs money. One tool that should be part of your security portfolio is network forensics. If you collect network traffic data today (and preserve it), then you will have the data you need in the future to figure out what happened. A security analyst I know refers to network traffic data as “pure gold.” With network traffic data, high-performance storage, and good analytics, you can reduce investigative cycles down from weeks to hours or minutes—and minutes matter.   

It’s a good idea to proactively analyze the network traffic data to look for anomalous behavior. Some organizations look for network access from countries they do not do business with. Other organizations scrutinize any access from the Tor anonymity network. Cybercriminal activities can be hard to detect, and hunting for suspicious behavior in network traffic requires skill, but it can and should be done.
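The two hunts mentioned above (access from countries you do not do business with, and access from Tor) can be run over stored flow records as in the following added example, which is not from the original article. The flow format, the prefix-to-country table, the Tor exit list, and the `ZZ` country code are constructed placeholders; a real deployment would load a GeoIP database and a current exit-node list.

```python
import ipaddress
from collections import defaultdict

# Constructed reference data using documentation address ranges. In practice
# these would come from a GeoIP database and a current Tor exit-node list.
GEO_PREFIXES = {"192.0.2.0/24": "US", "198.51.100.0/24": "GB",
                "203.0.113.0/24": "ZZ"}  # ZZ: placeholder, outside footprint
TOR_EXITS = {"198.51.100.77", "203.0.113.9"}
BUSINESS_COUNTRIES = {"US", "GB"}

# Constructed flow records: timestamp, source IP, destination IP, dest port
SAMPLE_FLOWS = """\
2015-01-12T08:30:01Z 192.0.2.10 10.0.0.5 443
2015-01-12T08:31:44Z 203.0.113.50 10.0.0.5 443
2015-01-12T08:32:10Z 198.51.100.77 10.0.0.8 22
2015-01-12T08:33:02Z 203.0.113.9 10.0.0.8 22
truncated-record
2015-01-12T08:35:19Z 198.51.100.20 10.0.0.5 443
"""

_NETS = [(ipaddress.ip_network(p), c) for p, c in GEO_PREFIXES.items()]

def country_of(ip):
    """Map an IP string to a country code, or None if the origin is unknown."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return next((c for net, c in _NETS if addr in net), None)

def hunt(flow_text):
    """Return {source_ip: sorted reasons} for flows worth an analyst's look."""
    findings = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of aborting the hunt
        src = parts[1]
        try:
            country = country_of(src)
        except ValueError:
            continue
        if src in TOR_EXITS:
            findings[src].add("tor-exit")
        if country not in BUSINESS_COUNTRIES:
            findings[src].add("unexpected-country:" + (country or "unknown"))
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

if __name__ == "__main__":
    for ip, reasons in hunt(SAMPLE_FLOWS).items():
        print(ip, ", ".join(reasons))
```

Sources with no known origin are flagged as `unknown` rather than silently passed, since a gap in the geolocation data is itself worth an analyst's attention.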

Cybercriminals are raising the level of their game, and defenders need to do the same. Today’s infiltrators are taking advantage of human weakness, using spear phishing emails that play to the concerns of their targets—such as concerns about shareholder perception in the recent FIN4 Wall Street attacks. One way to prepare for a cyber attack is to make sure all employees are trained and knowledgeable—not with “check-the-box, one-size-fits-all” training but rather with an approach tailored to reach all employees, even if they have different learning styles. Use several communication vehicles: newsletters, emails, meetings, web, social media, phone. And don’t just train employees once, but again and again. You need to make sure all team members know what types of threats exist and what defensive measures to take. Because cybersecurity is everybody’s responsibility.

Claire Giordano is Senior Director of Emerging Storage Markets at Quantum, focused on cybersecurity, geospatial, and other demanding government workflows. Ms. Giordano has over 20 years of experience in product management and engineering, and earned an Sc.B. degree from Brown ...