
Mitigating damage after a data breach

 

Data security week 9 blog




There are a few steps to follow when mitigating damage after a data breach, but first of all you need to understand that companies need to be prepared for the serious damage a data breach can cause. The key steps that I'm going to explain will help companies to protect their customers and stop data loss by identifying vulnerabilities and fixing them.

 

Here are some steps that companies should have in place when dealing with a seriously damaging data breach:

·        Contain the breach - once the organisation/company has realised that it has been breached, it needs to identify how the breach happened in the first place. The security team, normally called the blue team in an organisation/company, will then strengthen its security approach to prevent any further damage.

 

·        Assess the risk - when assessing the risk, we need to make sure that the threat has been contained. The organisation should then assess the damage and consider how to proceed. To do this, the company will need to find out:

·        What type of data is involved;

·        How sensitive the data is;

·        Approximately how many people’s data is affected;

·        Who is affected (customers, staff, suppliers, etc.);

·        Whether the information contains financial information or other high-risk data;

·        Whether the stolen data is encrypted; and

·        Whether the organisation backed up the data.

 

·        Notify regulators and those affected

·        Depending on the answers to those questions, organisations will have to notify regulators and/or the affected individuals.

·        Under the GDPR, data breaches only need to be reported if they “pose a risk to the rights and freedoms of natural living persons”.

·        This generally refers to the possibility of affected individuals facing economic, social or reputational damage, or financial losses.

·        With the GDPR mandating that incidents be reported within 72 hours of discovery, you need a plan in case disaster strikes.

·        Under the GDPR, organisations have 72 hours from the time they become aware of a personal data breach to report it to their supervisory authority. They must provide details of how the breach occurred, what data is affected, how many data subjects are involved and what measures they’re taking to respond to the incident.

 

·        Prepare for the future

·        After an organisation has responded to an incident, it should take appropriate action to prevent future breaches.

·        It should use the information it gathered responding to the incident as the starting point to investigate further, identifying how its cyber security measures can be improved.

·        This might include investing in better security technology, updating its policies or making its staff more aware of their cyber security responsibilities.

 

Whitelist and blacklist


What is blacklisting?

Blacklisting is one of the oldest algorithms in computer security. It is used by most antivirus software to block unwanted entities. The process of blacklisting applications involves the creation of a list containing all the applications or executables that might pose a threat to the network, either in the form of malware attacks or simply by hampering its state of productivity. Blacklisting can be considered a threat-centric method.


Advantages and disadvantages of blacklisting

·        The administrator can easily block unknown and malicious software and run anything else. This way users will have access to all the applications they require. Blacklisting is a good approach for enterprises that are keen on taking a more relaxed approach to application control.

·        Blocking everything that is distrusted, even though simple and efficient, might not necessarily be the best approach. Around 230,000 samples of malware are produced every day, making it impossible for an admin to keep a comprehensive and updated list of malicious applications. And considering that 30 percent of malware tends to target zero-day vulnerabilities, there's potential for a security breach to happen before the affected applications are included in the blacklist.

·        Unfortunately, in the case of zero-day attacks, enterprises will be left vulnerable regardless of the security system they have in place. The recent hike in targeted attacks aimed at stealing confidential data from enterprises is also something admins need to worry about. Predicting and preventing these types of attacks using blacklisting would be ineffective.

 

What is whitelisting?

 

Whitelisting is the opposite of blacklisting: a list of trusted entities, such as applications and websites, is created, and only those entities are allowed to function in the network. Whitelisting takes more of a trust-centric approach and is considered to be more secure. This method of application control can either be based on policies like file name, product, and vendor, or it can be applied on an executable level, where the digital certificate or cryptographic hash of an executable is verified.

 

Advantages and disadvantages of whitelisting

·        Though blacklisting has been popular in the past, the recent exponential growth in malware suggests it's not effective enough. Whitelisting only allows a limited number of applications to run, effectively minimizing the attack surface. Additionally, building a whitelist is much easier, as the number of trusted applications would definitely be lower when comparing it to the number of distrusted ones. Enterprises that conform to strict regulatory compliance practices can benefit from whitelisting.

·        As advantageous as whitelisting is, it comes with its set of cons. Building a whitelist may seem easy, but one inadvertent move can result in help desk queries piling up on the admin. Inability to access essential applications would put various critical tasks on halt. Furthermore, determining which applications should be allowed to execute is an intensive process in itself.

·        As a result, administrators in some cases tend to create overly broad whitelisting rules. This misplaced trust could put the entire enterprise in jeopardy. Another disadvantage is that, while blacklisting can be automated to an extent by using antivirus software, whitelisting cannot function seamlessly without human intervention.
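
The trade-offs described in the two sections above, as an added example that is not part of the original post: the same executables are checked against a blacklist, a file-name whitelist and a hash whitelist. All file names and byte strings are constructed samples, and the list contents are assumptions made for illustration.

```python
import hashlib

def sha256_hex(content: bytes) -> str:
    """Hash of an executable's bytes; stands in for hashing the file on disk."""
    return hashlib.sha256(content).hexdigest()

# Constructed samples: byte strings standing in for executable contents.
EDITOR_V1 = b"constructed-sample: trusted editor, build 1.0"
EDITOR_V2 = b"constructed-sample: trusted editor, build 1.1 (vendor update)"
KNOWN_BAD = b"constructed-sample: malware already catalogued"
NEW_BAD = b"constructed-sample: malware not yet catalogued"

BLACKLIST = {sha256_hex(KNOWN_BAD)}        # threat-centric: default allow
HASH_WHITELIST = {sha256_hex(EDITOR_V1)}   # trust-centric: default deny
NAME_WHITELIST = {"editor.exe"}            # policy keyed on file name only

def decide(name: str, content: bytes) -> dict:
    """Return each policy's verdict (True = allowed to run) for one executable."""
    digest = sha256_hex(content)
    return {
        "blacklist": digest not in BLACKLIST,
        "name_whitelist": name.lower() in NAME_WHITELIST,
        "hash_whitelist": digest in HASH_WHITELIST,
    }

CASES = [
    ("editor.exe", EDITOR_V1),   # approved build
    ("dropper.exe", KNOWN_BAD),  # malware that is on the blacklist
    ("invoice.exe", NEW_BAD),    # malware that no list has seen yet
    ("editor.exe", NEW_BAD),     # unlisted content carrying a trusted name
    ("editor.exe", EDITOR_V2),   # legitimate update nobody has approved yet
]

def run_cases() -> list:
    """Evaluate every constructed case under all three policies."""
    return [(name, decide(name, content)) for name, content in CASES]

if __name__ == "__main__":
    for name, verdict in run_cases():
        print(f"{name:12} {verdict}")
```

The last two cases show both costs at once: the name-only rule is too broad to tell the files apart, while the hash rule blocks the vendor update until an administrator approves its new hash.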
