Ways to Respond to a Breach

January 29, 2019  |  Javvad Malik

Breaches aren’t easy to deal with, especially if you are of the opinion that companies are people too. Having seen, been part of, and lent a shoulder to many a breach, here are nine of the common ways companies respond to breaches.

Delayed response

A delayed response is when a breach has occurred and the company is informed a long time after the fact, usually when the data appears on a dark web sharing site. The company sometimes informed by law enforcement, or by reading about it on Brian Krebs’ blog.

Complicated response (traumatic or prolonged)

A complicated breach becomes severe with time and can impact the entire company. This can be the case when regulators step in to look at a breach. Were you PCI DSS compliant? Well not anymore. Did you have European citizen data? Well say hello to my little GDPR friend.

Disenfranchised response

Disenfranchised breaches are where the company experiences a loss, but others do not acknowledge the importance or impact. For example, an intellectual property breach that allows a competitor to get ahead is felt by the company, but elicits little, if any sympathy from customers.

Cumulative response

A cumulative breach is when multiple breaches or incidents are experienced, often within a short period of time. For example, getting locked out of your IoT devices accounts while records are being exfiltrated out of the mainframe during a DDoS attack.

A cumulative breach can be particularly stressful because a company doesn’t have time to properly respond to one incident stating how they ‘take security seriously’ before experiencing the next.

Distorted response

Sometimes a company responds to a breach in extreme and hostile ways. In a manner befitting a toddler, the company may resort to blaming a partner or any other third party company.

On occasion the finger of blame is pointed towards an employee or contractor for not patching a system. Or, in some cases, the company will want to set an example and unceremoniously fire the CISO.

Inhibited response

Also known as “keep this between us” is a conscious decision by a company to keep details of a breach limited to a very small group.

Problems can occur if customers or regulators get wind of it, and can cause bigger issues down the road. By then, the only viable option for companies is to shred the documents, wipe the hard drives, and research countries with non-extradition treaties.

Collective response

Collective breach is felt by a wider group, and the impact is shared. It can be a useful tactic in bringing all people on the same side and put their differences aside.

When everyone is forced to change their passwords after a breach, it gives common ground for them to share the pain.

Absent response

A favourite of social media giants, absent response is when a company doesn’t acknowledge or show signs of any response. This can be as a result of shock, denial, or simply passing everything onto business as usual.

It’s important to note that in some instances, just because you can’t see the signs of a response, it doesn’t necessarily mean that a company isn’t taking responsive actions.

Or it could just mean they don’t care, it can be hard to tell.

Anticipatory response

Remember all those posters telling you ‘it’s not a matter of if, but when’ - well, that can have a positive affect as companies can go into anticipatory mode, expecting a breach and preparing accordingly. It doesn’t lessen the sting of a breach, but does allow you to have plans in place to respond and recover.

Share this with others

Tags: data breach

Get price Free trial