Cybersecurity Article

Breach Preparedness

9-1-1 or 1-1-2 is used globally when calling for help. But which number is used for requesting cyber-help?

When you have a fire you cannot put out, you call the fire department. When you witness a robbery, you call the police. But who do you call when you witness an ongoing break-in into your IT infrastructure or applications?

The EU General Data Protection Regulation (EU GDPR) has highlighted the necessity of a swift and capable response by requiring all companies to have a breach policy and to enforce it effectively. This requires an effective incident response organization that is prepared to cope with even the nastiest breaches. Similar to the fire department, this is the lifeline you call when the incident resolution exceeds your own incident response capabilities.

Cyber Incident Response

Anyone familiar with incident response organizations knows that a typical breach policy, including underpinning procedures, includes:

  • Roles and responsibilities
  • Actions
  • Time KPI
  • Response plan/strategy
  • Incident recovery
  • Documentation

And particularly after EU GDPR goes live, the following is also required:

  • Internal & External communication plan for affected accounts
  • External communication plan for handling press inquiries, dialogue on social media, etc.
  • Legal plan and potential e-discovery concerns
  • Forensics

Preparedness is key, and the question is how prepared your incident response organization is for breach handling. The question becomes even more crucial if your IT landscape involves cloud and outsourced solutions. In the case of EU GDPR, all relevant logs must be consolidated, which requires strong vendor guarantees and service levels. Example: does your current SLA include access to all EU GDPR-relevant logs?

Going forward, handling breaches satisfactorily therefore requires an effective incident response organization, including adequate security monitoring and data mining technologies to enable swift responses, forensics, and technological countermeasures, combined with strong execution of communication and legal plans.

 

Partner with a cyber-security provider

A cyber-security provider can provide the buffer of breach-handling expertise needed when a breach occurs; however, it is recommended to partner up before the need arises. Similar to physical security companies, a cyber-security provider must be tied into the company alarm/SOS structure and have emergency keys (passwords) to enter (log onto) the IT premises. Otherwise you end up with inefficient security consultants instead of an efficient Computer Emergency Response Team (CERT). A qualified cyber-security provider has the required diverse and specialized skills, as well as proven processes and procedures, to manage even the nastiest breaches and limit financial and reputational damage.

Key to success is to proactively establish a bridge between the external Computer Emergency Response Team (CERT) and the in-house Security Operations Centre/Incident Response Team. This ensures swift incident coordination of both onsite and offsite personnel to quickly provide incident verification and mitigating actions, whilst also securing evidence for legal action if required. This is vital to have in place for EU GDPR compliance after May 2018.

The flexibility of this combined approach offers your company the best match between your need for enhancing your breach handling capabilities and the cost. Rather than “either/or”, you can now opt for having both. Which one you ultimately select is up to you.

