3 reasons companies fail to assess the scope of a data breach

Best advice: Understand your data, have proper event logging in place, and test your incident response plan. (You do have one, don’t you?)

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

First comes the embarrassing breach announcement. Then, a few days or weeks later, another one -- a few million stolen records were missed the first time around. Then another announcement, with another upward correction. With each new revelation, the hacked organization loses credibility and faces greater liability.

"They make a statement too soon after the breach," says Jon Connet, senior director for corporate strategy at ForeScout. "It's the drip-drip-drip that killed a lot of these companies. They're making initial statements based on the first initial forensic findings, weighing the pros and cons of getting ahead of the story and trying to minimize the impact, before they have a firm handle on what happened."

Public humiliation isn't the only cost of not knowing the scope of a breach. Even if the breach is not publicized because, say, the only data lost was intellectual property, then not knowing what the attackers got their hands on could be extremely damaging to a company financially.

If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks.

Given how long breaches have been hitting the news headlines, it's surprising that companies are still having trouble with the issue. So how can companies get on top of the problem? "If you only ever focus on after the breach then the answer is you can’t," says Adrian Asher, CISO at the London Stock Exchange Group.

The time to start is long before the breach ever happens. "If you haven’t invested in the controls and people before a breach occurs, then when you are in the critical state of a breach you’ll be ill prepared," he says.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.