Data Breaches: Preventive and Responsive Strategies for SMEs
In Australia, small and medium-sized businesses (SMEs) are increasingly finding themselves under attack from cybercriminals and falling victim to data breaches.
From ransomware attacks to phishing schemes, businesses in Australia are no strangers to the looming threats of data breaches. In 2022/2023, the Australian Signals Directorate saw nearly 94,000 cybercrime reports, up 23%.
How To Prevent Data Breaches - Your Response Plan
Step 1: Risk Assessment
When assessing your organisation’s risk for a data breach, you must first identify where your data resides and how it flows across your systems and external interfaces. This involves mapping locations, data processing activities, and data transfer points.
Remember, adhering to the Australian Privacy Principles and the Notifiable Data Breaches scheme is crucial to avoid penalties and reputation loss.
No stress, though – our team is here to help strengthen your cyber defences, allowing you to focus on your business with peace of mind.
Case Study: Australian Red Cross Blood Service Data Breach
In 2016, the Australian Red Cross Blood Service leaked the personal details of approximately 550,000 blood donors. The data, including names, addresses, and some sensitive health information, was inadvertently made available on an unsecured public-facing website.
Surprisingly, this resulted from a human error when a file containing this data was sent to a contractor.
Step 2: Containment
When a breach is detected, it’s time to act swiftly to isolate affected systems to prevent further attack spread. For starters, you don’t know what’s affecting your systems, and if it’s contagious, you’d want to stop its spread to minimise its damage. This could mean the following:
- Disconnecting from the network
- Restricting remote access
- Shutting down specific services
Advanced Steps
Network Isolation
Responsible
Network Team
Outcome
Affected systems disconnected from the primary network
Password Resets
Responsible
IT Security
Outcome
Admin passwords reset; user resets in progress
Apply Patches
Responsible
Systems Team
Outcome
Patches identified to be applied post-forensic analysis
Access Control Review
Responsible
Compliance Officer
Outcome
Access rights are confirmed and adjusted where necessary
Forensic Duplication
Responsible
Forensics Team
Outcome
Evidence preserved for affected systems
Secure Communications
Responsible
IT Security
Outcome
Encrypted channels are established for incident communication
Legal Compliance Check
Responsible
Legal Department
Outcome
Reviewing containment actions to ensure legal compliance
Containment is a critical phase in the response to a data breach. It involves immediate actions to limit the breach’s spread and impact and prevent further unauthorised access to sensitive data.
Step 3: Eradication
This process requires you to document each step taken, including the details of the vulnerabilities addressed, the tools and the methods used for removal, and any system changes made.
This documentation not only supports post-incident reviews but also informs and improves your organisation’s ongoing security posture and response strategies.
Step 4: Recovery
This is the most crucial phase of the process, thus demanding you do it ‘right’. Recovery involves restoring and returning the affected systems and services to normal operations while ensuring no remnants of the security threat remain.
Here’s how this pans out for you and your business:
System Restoration
Carefully bring affected systems back online after ensuring they are free from the breach’s impact.
Use verified clean backups to restore data, ensuring that these backups have not been compromised.
Service Continuity
Re-establish affected services methodically to minimise the risk of latent vulnerabilities.
If complete restoration is not immediately possible, implement temporary measures to maintain business operations.
Security Reinforcement
Before restoring each system, reinforce security measures to prevent a recurrence of the breach.
Update and deploy patches to fix the vulnerabilities that led to the breach.
Monitoring
Monitor the restored systems for any signs of instability or indications of a persistent security threat.
Set up additional alerts to quickly identify anomalies that may suggest lingering issues.
Validation
Validate the integrity of the restored systems and data, ensuring no tampering.
Engage in comprehensive testing to confirm that all systems are fully functional and secure.
Communication
Keep your stakeholders informed about the recovery process, including expected timeframes for full-service restoration.
Provide updates to customers, suppliers, and partners as necessary, maintaining transparency about the system status.
Documentation
Document each step of the recovery process, including the actions taken to address the breach and the lessons learned.
Record any changes made to the system configurations and security measures.
Review Compliance
Validate the integrity of the restored systems and data, ensuring no tampering.
Engage in comprehensive testing to confirm that all systems are fully functional and secure.
Post-Recovery Analysis
Validate the integrity of the restored systems and data, ensuring no tampering.
Engage in comprehensive testing to confirm that all systems are fully functional and secure.
Business Continuity Plan Update
Update your business continuity plan and disaster recovery strategies based on insights from the incident and recovery phase.
Consider better preparing for future incidents and reducing recovery time and impact.
Case Study: The 2019 LandMark White Data Breach
LandMark White, one of Australia’s largest valuation firms, experienced multiple data breaches in 2019 which led to a significant financial and reputational impact. The breaches occurred when sensitive valuation data was exposed online, impacting 100,00 customers.
This incident was attributed to an insecure API endpoint and resulted in the firm being temporarily suspended from the panels of major financial institutions
Conclusion
Your cybersecurity is only as strong as your weakest link. The key to a robust defence lies in preparation, real-time monitoring, and swift response. But remember, you don’t have to sail these treacherous waters alone. Our team will partner with you to craft tailor-made solutions for your organisations, providing a well-rounded, compliant security strategy.