The real threat from a data breach is not the incident itself, but the lasting damage it can cause to your reputation.
A new critical vulnerability, named Shellshock, has been identified that allows personal computers to be controlled remotely. The vulnerability allows hackers to issue commands that your computer will then execute; potentially resulting in significant data-loss, long-lasting reputational damage and a loss in business confidence.
It is estimated that this vulnerability affects up to 50% of computers connected to the Internet, and will almost certainly affect a number of internal IT systems within many businesses. As technology vendors scramble to rectify the problem, cyber criminals are developing malicious scripts at breath-taking speed with the explicit aim of exploiting the vulnerability to gain access to sensitive data.
At a time when cyber criminals will quickly exploit any vulnerabilities in a business’s critical infrastructure to gain access to sensitive data, prevention is always better that cure. To avoid becoming a target in the future, you need to know where your weaknesses are before the hackers do.
To start with, speak to your Chief Security Officer to gain an understanding as to how this risk is being managed. Next, identify the data you hold and put in place measures to protect it accordingly. Sometimes this means separating sensitive information, implementing robust technical measures and creating effective incident response plans that enable you to neutralise security events quickly.
As Shellshock has shown, it’s not always possible to put in place preventative measures when the vulnerabilities themselves are previously unknown. But what is known is that every business will at some point find itself on the back foot when it comes to data loss and protecting reputation. It can happen at any time and is never convenient.
That is why it’s imperative you pre-emptively identify and anticipate impending reputation threats that may result from a breach. Being on the front foot in the event of a hack will enable you to make the right decisions quickly, whilst making the most of the first 72 hours following a breach to put in place remedial measures, handle the media and consider who needs to be informed from regulators to customers.
Ultimately, how you handle a data breach will determine the impact of a breach on your reputation.