The Equifax Breach: How Companies Can Respond to Major Security Incidents

By Walker Banerd | September 8, 2017 | forensics, incident-response

The Most Damaging Data Breach Ever?

Equifax, one of the largest American credit reporting agencies, announced yesterday that a data breach had exposed the personal data of 143 million customers. While not the largest data breach ever in terms of the number of records—that ignominious honor still goes to Yahoo—it may be considered the most damaging breach ever, once the dust has settled. This is because of the highly sensitive nature of the data, including Social Security numbers, credit card info, and driver’s license numbers—some of the most valuable information for identity thieves and other cybercriminals.

Here at D3, our expertise is providing companies the tools to react to incidents like data breaches. So what stands out to us in this story is the gap between Equifax discovering the breach on July 29, and going public on September 7. Based on the chaos following the announcement, Equifax was extremely rushed in their response, even after having taken over 40 days to go public.

Breaches are Inevitable; Slow Response Isn’t

Every large company, especially those that manage customer data, should have both incident management and breach response plans in place. You might not be able to prevent every cyberattack or data breach, but you can make sure that your response to a breach is fast, coordinated, and comprehensive—no matter the stage at which you discover it. An Incident Response Platform (IRP) is a crucial tool in these situations. Here are a few of the ways an effective IRP can help you understand the extent of a data breach and coordinate your response.

Orchestration

Responding to a large data breach can be a daunting, all-consuming task, so it’s important to have dynamic orchestration features that facilitate enterprise-wide response coordination. An IRP like D3 acts as a nerve center for your response efforts, ensuring that everyone is working with the latest data. D3 can send automated task assignments, notifications, approval requests, and other communications within the system, without relying on insecure and unaudited email. Particularly useful in a large-scale data breach is the ability to bring in other departments like Legal and Public Relations with custom dashboards and appropriate access controls, as is necessary when dealing with protected information and potential scandal. These features are invaluable during the chaos of a serious security incident, because they streamline, automate, and expand your ability to execute an effective response, even in the heat of the moment.

Case Management

Case management features help you to understand the source and timeline of a breach, as well as how to stop it from occurring again. D3’s forensics module equips investigators with a purpose-built case management system, complete with task management, chain of custody for evidence integrity, and data analysis. This, combined with our root cause analysis module—which guides investigators to conclusive findings and swift corrective action—helps to prevent future attacks by determining what vulnerabilities were exploited, and ensuring they are fixed.

Also, because major attacks are unlikely to be limited to one security alert, it’s important to have a case folder system to bring multiple incidents together. This allows analysts to collaborate, share notes, and work on the larger problem without working redundantly on separate incidents.

Reporting

The legal and regulatory fallout from the Equifax breach remains to be seen, but data breaches always require extensive reporting. For example, companies subject to the upcoming GDPR will soon be required to report to their supervisory authority within 72 hours of a data breach. D3 can report on virtually any data within the system, and present it visually in dashboards, charts, and link analysis. The platform also comes equipped with templates for common compliance reports, and built-in links to the batch uploaders of common regulators, such as FinCEN and the various electric utility reliability commissions. In a data breach, sharing reports with regulators, governments, and other stakeholders is part of the process, and your IRP should support you in this mission-critical task.

D3 is designed to be a full-lifecycle IRP, streamlining your entire response program. To learn more about our solutions, including our brand-new automation suite, schedule a demo today.

Walker Banerd


Walker is the Communications Manager at D3. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.

