Mitigating damage after a data breach

 

Data security week 9 blog



There are a few steps that you need to follow when mitigating damage after a data breach, but first of all you need to understand that companies need to be prepared for the serious damage a data breach can cause. The key steps that I'm going to explain will help companies to protect their customers and stop data loss by identifying vulnerabilities and fixing them.

 

Here are some steps that companies should have in place when dealing with a seriously damaging data breach:

·        You need to contain the breach - this means that once the organisation/company has realised that it has been breached, it needs to identify how the breach happened in the first place. The security team, which is normally called the blue team in an organisation/company, will strengthen its security approach to prevent any further damage.

 

·        Assess the risk - When assessing the risk, we need to make sure that the threat has been contained. The organisation should then assess the damage and consider how to proceed. To do this, the company will need to find out:

·        What type of data is involved;

·        How sensitive the data is;

·        Approximately how many people’s data is affected;

·        Who is affected (customers, staff, suppliers, etc.);

·        Whether the information contains financial information or other high-risk data;

·        Whether the stolen data is encrypted; and

·        Whether the organisation backed up the data.

 

·        Notify regulators and those affected

·        Depending on the answers to those questions, organisations will have to notify regulators and/or the affected individuals.

·        Under the GDPR, data breaches only need to be reported if they “pose a risk to the rights and freedoms of natural living persons”.

·        This generally refers to the possibility of affected individuals facing economic, social or reputational damage, or financial losses

·        Because the GDPR mandates that incidents be reported within 72 hours of discovery, you need a plan in case disaster strikes.

·        Under the GDPR, organisations have 72 hours from the time they become aware of a personal data breach to report it to their supervisory authority. They must provide details of how the breach occurred, what data is affected, how many data subjects are involved and what measures they’re taking to respond to the incident.

 

·        Prepare for the future

·        After an organisation has responded to an incident, it should take appropriate action to prevent future breaches.

·        It should use the information it gathered responding to the incident as the starting point to investigate further, identifying how its cyber security measures can be improved.

·        This might include investing in better security technology, updating its policies or making its staff more aware of their cyber security responsibilities.

 

Whitelist and blacklist


What is blacklisting?

Blacklisting is one of the oldest algorithms in computer security. It is used by most antivirus software to block unwanted entities. The process of blacklisting applications involves the creation of a list containing all the applications or executables that might pose a threat to the network, either in the form of malware attacks or simply by hampering its state of productivity. Blacklisting can be considered a threat-centric method.


Advantages and disadvantages of blacklisting

·        The administrator can easily block unknown and malicious software and run anything else. This way users will have access to all the applications they require. Blacklisting is a good approach for enterprises that are keen on taking a more relaxed approach to application control.

·        Blocking everything that is distrusted, even though simple and efficient, might not necessarily be the best approach. Around 230,000 samples of malware are produced every day, making it impossible for an admin to keep a comprehensive and updated list of malicious applications. And considering that 30 percent of malware tends to target zero-day vulnerabilities, there's potential for a security breach to happen before the affected applications are included in the blacklist.

·        Unfortunately, in the case of zero-day attacks, enterprises will be left vulnerable regardless of the security system they have in place. The recent hike in targeted attacks aimed at stealing confidential data from enterprises is also something admins need to worry about. Predicting and preventing these types of attacks using blacklisting would be ineffective.

 

What is whitelisting?

 

Whitelisting is the opposite of blacklisting: a list of trusted entities, such as applications and websites, is created, and only those entities are allowed to function in the network. Whitelisting takes more of a trust-centric approach and is considered to be more secure. This method of application control can either be based on policies like file name, product, and vendor, or it can be applied on an executable level, where the digital certificate or cryptographic hash of an executable is verified.

 

Advantages and disadvantages of whitelisting

·        Though blacklisting has been popular in the past, the recent exponential growth in malware suggests it's not effective enough. Whitelisting only allows a limited number of applications to run, effectively minimizing the attack surface. Additionally, building a whitelist is much easier, as the number of trusted applications would definitely be lower when comparing it to the number of distrusted ones. Enterprises that conform to strict regulatory compliance practices can benefit from whitelisting.

·        As advantageous as whitelisting is, it comes with its set of cons. Building a whitelist may seem easy, but one inadvertent move can result in help desk queries piling up on the admin. Inability to access essential applications would bring various critical tasks to a halt. Furthermore, determining which applications should be allowed to execute is an intensive process in itself.

·        As a result, administrators in some cases tend to create overly broad whitelisting rules. This misplaced trust could put the entire enterprise in jeopardy. Another disadvantage is that, while blacklisting can be automated to an extent by using antivirus software, whitelisting cannot function seamlessly without human intervention.
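
The default-allow behaviour of blacklisting and the default-deny behaviour of hash-based whitelisting described above, as an added example (not code from the original post). The sample "executables" are constructed byte strings, and all names are assumptions made for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """Cryptographic hash used to identify an executable by its exact contents."""
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings standing in for executable file contents.
SAMPLES = {
    "known_malware": b"constructed: malware already catalogued by the vendor",
    "new_malware": b"constructed: malware sample produced today",
    "approved_app": b"constructed: approved payroll application v1",
    "approved_app_updated": b"constructed: approved payroll application v2",
}

# Threat-centric list: hashes of things known to be bad.
BLACKLIST = {sha256_hex(SAMPLES["known_malware"])}
# Trust-centric list: hashes of things explicitly approved.
WHITELIST = {sha256_hex(SAMPLES["approved_app"])}

def blacklist_decision(data: bytes) -> str:
    """Default allow: block only what is on the list."""
    return "block" if sha256_hex(data) in BLACKLIST else "allow"

def whitelist_decision(data: bytes) -> str:
    """Default deny: allow only what is on the list."""
    return "allow" if sha256_hex(data) in WHITELIST else "block"

def compare(samples: dict) -> dict:
    """Return {name: (blacklist verdict, whitelist verdict)} for each sample."""
    return {name: (blacklist_decision(d), whitelist_decision(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:22} blacklist={bl:5} whitelist={wl}")
```

The uncatalogued sample passes the blacklist but not the whitelist, while the updated approved application is blocked by the whitelist until an administrator adds its new hash, which is the maintenance cost the disadvantages above refer to.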
