Welcome to the third and last blog in the series about surviving a cyber-attack. Here we explain what should be done to prevent a (next) cyber-attack.
Step 5: Inform those affected
Informing clients is one of the hardest steps post-incident. Sharing information about a breach will not win you any popularity contest, but clients need to be informed so they can take appropriate action to protect themselves. Always consult legal before communicating, so you know what your legal and regulatory obligations are. Writing a press release, or even inviting the media, are options you will also have to consider. Lastly: shareholders and stakeholders need to be informed.
Who is involved: IRT, management, authorities, legal, finance, marketing/PR, project and account managers.
Survival Tip: Respect the AVG/GDPR
In case of a security breach, the AVG/GDPR requires that a ‘controller’ notifies the local supervisory authority within 72 hours of discovery. Whether you need to report a breach depends on the (potential) impact of the breach on the protection of personal data and the privacy of those involved. Don’t panic if you’re having trouble determining the scale of the impact: contact your local supervisory authority and ask them for advice.
Step 6: Preventing the next cyber-attack
After an incident, chances are your board will approve a budget increase for cybersecurity. Before investing, it is wise to review your whole existing security structure. For instance, how reliant are you on third-party code? Training employees to be more watchful and focused on possible security threats is also important. Don’t be mistaken: these threats are unlike fixable bugs that are solved once and for all. Criminals will keep trying to get in. As the saying goes: “The attackers just have to be lucky once. The defenders have to be lucky all the time.”
Who is involved: management, the board, finance, legal, developers, third-party security professionals.
Survival Tip: Bug bounty programs
Consider bringing in outside security professionals to support your developer teams in finding security vulnerabilities, as we do with our bug bounty programs. Following the example of major tech companies, bug bounty programs help businesses secure their online environments cost-effectively.
Talk to you soon?
You’ve reached the end of our blog series on surviving a cyber-attack, so we suggest you read our other blogs, explore the website and/or download our brochure. Or leave us a contact request so we can get in touch and discuss how we can help you prevent a cyber-attack. Speak to you soon?
PS. Haven’t read the other two blogs on the subject? Click here for blog 1, and here for blog 2.
Written by Zerocopter
May 28, 2021