Not long ago on the CyberArk Conjur blog, our DevOps community manager and evangelist John Walsh explored the history and evolution of open source software. It’s a great read that highlights the clear relationship between open source adoption and DevOps success in the enterprise, along with the power of community engagement and information sharing.

We’ve embraced this team player approach with CyberArk Conjur and our fast-growing CyberArk Marketplace, which features community contributions. Furthering this commitment to collaboration and transparency, today we published our product documentation library online, making it freely available to everyone – no login required.

Featuring newly simplified and enhanced documentation on CyberArk version 10.10, CyberArk Docs makes it even easier to get your questions answered – fast.

Considering a privileged access security solution? Whether your organization is just getting started or already focused on implementing advanced privileged access security strategies to align with digital transformation initiatives, CyberArk Docs is a good place to start. Get to know CyberArk by browsing documentation by product: Core Privileged Access Security, CyberArk Privilege Cloud, Endpoint Privilege Manager and Application Access Manager. On each of these product pages, it’s easy to find information on security fundamentals, how to get started with a deployment, how to configure or manage your environment and how to install or upgrade components. The site is easy to navigate, offering documents organized by functional role with information for end users, administrators and developers.

CyberArk Docs is also part of our broader CyberArk Technical Community site, available to current customers and partners, where you can connect and engage with peers and subject matter experts on CyberArk products and services. Through the Technical Community you can now browse and download helpful documentation from CyberArk Docs, take advantage of our comprehensive knowledge base, access a wide range of online training courses and post integrations and reviews on the CyberArk Marketplace. There’s also a simple way to submit support cases and enhancement requests.

CyberArk Docs is just one of the many ways we’re extending value to the broader cybersecurity community. Inspired by open source, our goal is to make it easier for end-users, admins, developers and security professionals alike to access the information and tools they need to collaborate, innovate, build and succeed.

Check CyberArk Docs out today.

You can read the original article, here.

The recent attack by China on Cellular companies – called Operation Soft Cell – is part of an espionage campaign that leverages privileged access in privileged accounts. Compromising credentials remains the weapon of choice for attackers and a top attack pattern.

We first encountered this pattern when Edward Snowden revealed Operation Socialist, a CIA and British Global Communication Headquarters (GCHQ) campaign that allegedly attempted to take control of one of the most widely spread telecommunications networks in the country – Belgian telecommunications company Belgacom. Access to Belgacom would allow intelligence agencies to obtain the metadata required to track specific target individuals. Aside from this new attack coming from a very different quarter, China’s APT 10 rather than the GCHQ, the attacks are very similar.

Operation Socialist, like the recent Soft Cell operation, leveraged privileged access and privileged accounts to take control of telecommunication systems and persist while remaining in the shadows. Neither of these attacks needed to exploit vulnerabilities or reveal sophisticated and aggressive tools, which cost a lot to develop. In both cases, the groups compromised the organization’s privileged accounts – namely domain admin accounts. Domain admin accounts have administrator rights over an entire domain, making them extremely useful to an attacker.

Domain admin accounts and other well-known privileged accounts are usually tightly-controlled and monitored. However, there were still vulnerabilities to exploit. The attackers probably went after shadow admins, which are privileged accounts that aren’t members of the privileged Active Directory group, letting them fly under the radar and often go overlooked by organizations’ security teams.

These type of accounts have special privileges that allow an attacker to gain control of a complete network control without being a member of a privileged group. Consequently, the attack leaves little trace, while still providing the attacker with flexibility. In the Soft Cell operation, the attackers launched a VPN service to allow them shadow access to the network – possibly based on shadow admin accounts.

Using shadow admins to gain access isn’t the only short cut that the attackers from Operation Soft Cell and Operation Socialist used. In both of these cases, the attacks on the telecom companies targeted the supply chain.  Just like hardware manufacturing facilities, software companies that provide product updates or internet traffic backbone servers are vulnerable to supply chain attacks.

This has become common with many attackers redirecting their efforts from well-defended organizations to their less-secure supply chains. Attackers who want intimate and persistent access to a company’s data and IP can replace sending phishing emails to vast numbers of employees with bugging the company’s hardware. Attackers who want access to an individual’s metadata, location and calls for a longer period of time, can replace exposing a costly WhatsApp vulnerability with compromising a specific individual’s phone.

You can read the original article, here.

In the last week both British Airways (BA) and Marriott Hotels have hit the headlines because of eyewatering GDPR fines – $229 million for BA and $123 million for Marriott.

The fines show that the GDPR (General Data Protection Regulation), has given enforcers like the UK’s ICO (Information Commissioner’s Office), some serious teeth. BA’s fine is almost 400 times larger than the ICO’s previous record fine – a $645,000 penalty handed to Facebook for the Cambridge Analytica scandal.

With these new fines in mind, it’s a good time to make sure you’ve minimized your risk of being next in line.

GDPR is focused on protecting European Union citizens and it applies to anyone who holds personal data on an EU citizen, wherever in the world you are based. Marriott, a U.S. organization, is a case in point.

Here are five best practices we recommend all organizations follow to minimize the risk of a GDRP data loss fine:

1. Patch early, patch often. Minimize the risk of a cyberattack by fixing vulnerabilities that can be used to gain entry to your systems illegally. There is no perimeter, so everything matters: patch everything.
2. Secure personal data in the cloud. Treat the cloud like any other computer – close unwanted ports and services, encrypt data and ensure you have proper access controls in place. And do it on all your environments, including QA and development.
3. Minimize access to personal data. Reduce your exposure by collecting and retaining only the information you need, and making sure the only people with access to it are the people who need it to do their jobs.
4. Educate your team. Ensure that everyone who might come in to contact with personal data knows how they need to handle it – this is a GDPR requirement.
5. Document and prove data protection activities. Be able to show that you have thought about data protection, and have taken sensible precautions to secure personally identifiable information.

Sophos can help

First up, to minimize the risk of attackers getting to your data, we offer a complete portfolio of cybersecurity solutions, including Intercept X endpoint protection and XG Firewall. Check them out with our free online demos today.

If you’re using Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platforms (GCP), take a look at our guide to Securing the Public Cloud: Seven Best Practices. It explains what you are (and are not) responsible for, and how to protect data and workloads in the public cloud.

When a laptop goes missing, you need to be able to show it was encrypted. Sophos Central Disk Encryption is the easiest way to centrally manage BitLocker and FileVault encryption, and to prove that you have it deployed.

Think about how much personal data you have on your work mobile phone – it’s just as much a security risk as your laptop. Sophos Mobile enables you to remotely lock and wipe a lost mobile device – and also demonstrate that it is encrypted.

Sophos Disk Encryption and Sophos Mobile are available through Sophos Central. If you’re already using Central you can start a free trial in a couple of clicks from within your console. If you’re not, download a free trial today.

You can read the original article, here.

Tourists aren’t the only ones looking at Florida this summer. As the Sunshine State ramps up to greet a flock of vacationers, it’s also facing some far less welcome visitors.

Over the last few weeks, cybercriminals have targeted Florida with advanced ransomware attacks requesting heavy payments in return for restoring data. In one example, the city of Riviera Beach agreed to pay over $600,000 in ransom after its systems were crippled.

Of course, ransomware attacks aren’t limited to Florida and are now commonplace across the globe as cybercriminals continue to evolve their techniques.

How to avoid becoming the next ransomware victim

Sophos Intercept X Advanced gives you the world’s best protection against ransomware. And you can protect your organization for free, for 30 days.

It includes multiple layers of security that deliver unparalleled protection against sophisticated, advanced attacks.

• CryptoGuard technology stops the unauthorized encryption of files by ransomware, rolling any impacted files back to their original state. It’s the ultimate ransomware killer.
• Anti-exploit protection prevents ransomware from using vulnerabilities in software products to infiltrate and spread through organizations.
• The powerful Deep Learning engine uses cutting-edge machine learning to identifiy and block never-before-seen ransomware before it executes.

Watch Intercept X in action against MegaCortex ransomware

Try it yourself

Intercept X uses multiple techniques to defend against ransomware, instantly elevating your defenses. Download and get started today.

Sophos Intercept X continues to perform well in third party tests, and we thought we’d share a few recent results.

Those results include a 100% total accuracy rating by SE Labs, a #1 ranking by AV-Comparatives for malware protection, and an Editors’ Choice designation by PC Magazine.

Our Mac protection also joins in on the fun with a new result from AV-Test. Scoring 18 out of 18, Sophos received the only perfect score in the test.

SE Labs

SE Labs conducts quarterly tests for both enterprise and SMB protection. We’re excited to report that we received a 100% total accuracy rating in both Q1 2019 tests.

AV Comparatives

Intercept X made its first public AV-Comparatives Business Security Test appearance and ranked #1 for malware detection on Macs. We earned a 99.7% detection rate with just 1 false alarm in the “real-world” test, and 99.9% detection and 0 false alarms in the “malware” test.

PC Magazine

Intercept X received an “Excellent” Rating and the “Editors’ Choice” award.

PC Magazine declared that Intercept X is “an instant win for anyone looking to provide a defense against ransomware for any sized business.”

The reviewers went on to say it “has a wide range of sophisticated features to guard against malware of all forms, and has earned the praise of several independent labs as well as earned our Editors’ Choice designation in our ransomware protection for business review roundup”.

AV-Test

Sophos scored a 6 out of 6 on protection, performance, and usability – the only perfect score among vendors tested in June 2019.

Intercept X third party test results and top analyst reports

SE Labs

• AAA Rated for Enterprise – 100% total accuracy rating
• AAA Rated for SMB – 100% total accuracy rating

NSS Labs

• Ranked #1 for Security Effectiveness
• Ranked #1 for Total Cost of Ownership (TCO)

AV-Comparatives

• Ranked #1 for Malware Protection (99.9% detection, 0 false alarms)

MRG Effitas

• Ranked #1 for Malware Protection
• Ranked #1 for Exploit Protection

PC Magazine

Editors’ Choice

AV-Test

• Top Product: 6/6 Protection, 6/6 Usability, 5.6/6 Performance
• #1 macOS protection: 6/6 Protection, 6/6 Usability, 6/6 Performance

Gartner

• Leader: 2018 EPP Magic Quadrant

Forrester

• Leader: 2018 Endpoint Security Wave

At Sophos, we appreciate how hard it is to solve security problems when developing applications – after all, we’ve dedicated the past 30 years to innovating and improving computer security.

Since founding SophosLabs, we’ve leveraged the expertise of our security engineers and researchers, and their intelligence and analysis services, using these as the foundation of many of our solutions to the most difficult cybersecurity problems.

Today, we are opening the doors on the Early Access Program for SophosLabs Intelix, our new cloud-based, threat intelligence and threat analysis platform, which is built from the same SophosLabs services that underpin our industry-leading solutions.

SophosLabs Intelix works via Application Programming Interfaces (APIs), part of our a Representation State Transfer (REST) web service. This approach ensures that all software developers of different skill levels should have no trouble getting access to our new services.

SophosLabs Intelix allows software developers around the globe to harness high quality, curated threat intelligence and rich, detailed threat analysis in their own tools, applications, and services. All without compromising on quality, performance or security, and removing the need to consume, aggregate and correlate multiple services from different vendors.

SophosLabs Intelix will initially offer three key services:

1. Cloud Threat Lookups quickly identify known threats in files, URLs, and APKs.
2. Static File Analysis analyses files using machine learning and static analysers.
3. Dynamic File Analysis executes files in a sandbox to reveal their behaviour and intent.

The Sophos Labs Intelix APIs will be available via the AWS Marketplace. Users have the choice between a monthly free tier or Pay As You Go (PAYG) pricing. The monthly free tier will allow each user a set number of API calls to each service for free, paying only for the requests that exceed the monthly free allowance.

For our partner community, SophosLabs Intelix is joining our Sophos Cloud Security Provider Program, adding to the range of technologies and solutions our partners can offer their customers.

Through enabling software developers to tap into the same technologies we use to drive our security solutions, we hope developers will innovate on top of our APIs, kick-start new security solutions, build more secure applications and services, and help make the digital world a safer place to be.

Join the SophosLabs Intelix Early Access Program today.

Learn more about SophosLabs Intelix.

Cybercriminals are becoming increasingly proficient at infiltrating enterprises to steal data for profit, acquire intellectual assets or to simply cause destruction. High profile breaches frequently making the headlines however are just the tip of the iceberg with global losses due to cybercrime projected to hit a staggering eight trillion dollars by 2020.

Enterprises today are now contending with highly organized adversaries who are persistent and have deep pockets and the technological resources that rival most Fortune 100 companies; keeping pace has been arduous. The infographic below depicts the top three cybersecurity issues challenging organizations as they steer towards digital transformation and where a trusted security partner can have significant impact.

Privileged access security is a key pillar of an effective security program. We take our role as a trusted adviser to our customers very seriously and are constantly looking for new ways to help evolve existing privileged access security programs – or guide organizations that are getting started – to prioritize risk and identify opportunities to measure success and demonstrate quantifiable value to the business. CyberArk has interviewed hundreds of organizations, including customers and those who have not yet adopted a privileged access security solution, to determine the biggest hurdles companies face when it comes to privileged access security and what they need to overcome them. We found three key trends:

• Organizations, especially those with resource constraints (basically every company, everywhere), struggle to identify the security goals that provide the most security value to their business in terms of both cybersecurity risk reduction and ROI.
• Companies that adopted a PAM solution were able to accomplish the goals they originally set out to achieve, but they didn’t know where to go next to continue improving their security. They often spoke of “best practice” programs they wanted to follow, but had difficulty applying those programs in a way that provided tangible outcomes specific to their needs.
• Organizations are looking for cybersecurity tools that provide clear advice, backed by quantitative methods to help guide them along their security journey.

CyberArk is proud to introduce the CyberArk Privileged Access Security Assessment Tool to guide organizations across all three fronts.

During an assessment, a technical expert from CyberArk or one of our certified partners will sit with your team, walk you through the process with cybersecurity assessment tool and discuss how your organization is protecting privileged accounts and access today. We frame this conversation on the CyberArk Privileged Access Security Cyber Hygiene Program, which defines seven goals organizations should strive to accomplish to build a comprehensive program to secure privileged access. Based on our findings, the CyberArk Privileged Access Security Assessment Tool will deliver three outputs that will inform not only your technical teams, but also business and IT leaders who are becoming increasingly interested in what security teams are doing to protect the brand.

Output 1: Privileged Access Security Score

Security score and evaluation history from the Privileged Access Security Assessment tool

You can think of the privileged access security score as similar to a FICO or NPS score in that it reflects concrete metrics and can be tracked over time. The score is based on feedback provided to assessment and evaluation criteria developed by CyberArk. The Privileged Access Security Score is something tangible that organizations and security leaders can use to demonstrate the progress they’ve made  in building a strong privileged access security program.

Output 2: Rich comparison data

Comparison data from the Privileged Access Security Assessment tool

The rich comparison data provides a comparison against peers based on industry, company revenue, number of employees and a variety of other distinctions. We call this collection of attributes a reference group. This data is crucial for leaders interested in understanding how their investment compares to others in their reference group.

Output 3: Assessment report, complete with specific recommendations

For companies that have completed an assessment already, this output has been cited as the most significant in terms of direct value to the business. The assessment report provides companies with a recap of their most recent assessment, a visual history of their assessments, the comparison data from above and, most importantly, specific advice based on their individual feedback.

We give companies technical and process recommendations for the two of the seven goal of the assessment.  These are the areas they should prioritize in the next 12-24 months and the assessment report clearly defines the actions to take to improve privileged access security and protect your organization’s business.

Read the press release to learn more about how the industry, including leading cyber security insurance firms, are leveraging Privileged Access Security Assessment Tool from CyberArk. Get started by filling out a request form or by reaching out to your CyberArk representative.

Read the original article, here.

As Shep Hyken recently noted, personalization continues to become more personal in the customer service field. Personal information (PI) is the future of business, as it provides clients with a customized experience and helps businesses eventually sell more.

However, it means companies will have to curb the wave of consumer rights advocacy and comply with at least one privacy regulation, such as the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the recently proposed U.S. federal privacy law Data Care Act and so on.

One may treat privacy legislation, with its strict requirements and enormous penalties, as a big stumbling block for business, but I perceive it as a huge enabler. Here are five ways privacy regulations may help boost your business.

1. Optimize business processes.

Privacy regulations enable greater transparency around the data collected by your company. For example, the CCPA requires businesses to disclose the “categories and specific pieces of personal information the business has collected” about them. Though not all privacy laws require you to explicitly inform customers on that information, companies still need to thoroughly audit the data they have to understand what kind of information they store and why.

This is a brilliant opportunity to ask yourself why you collect this data, whether you use it efficiently and how you can optimize its use. This deeper understanding of the data flow will provide more visibility into your business processes and help optimize them or find new ways of leveraging gathered data (by providing extra personalized experiences, for example).

2. Improve data management and achieve cost efficiency.

Another question you may ask yourself after auditing the data is whether you really need all of this data. Most likely, you don’t need it all. Thus, ongoing auditing for the sake of compliance will actually enable your company to prune out unnecessary data, such as redundant, obsolete and trivial (ROT) files, that have no value to your business.

By cleaning up repositories, you can slash costs on data processing and storage, get more predictive bills if you store data in the cloud and wisely allocate your budget.

3. Create a global knowledge base for employees.

Privacy laws grant consumers control over the data businesses hold on them, such as the CCPA’s right to erasure or the GDPR’s right to be forgotten, the right to access and modify data and so on. To handle these requests, you should improve the findability of data (i.e., reorganize repositories and make data globally indexed and searchable).

It’s hard to achieve this without investing in additional technologies, such as data classification and enterprise search software. But it wouldn’t be cost-efficient to spend X amount of money and human resources to deploy this technology just to satisfy occasional data subject requests. This is like buying a Porsche just to drive your children to school down the block.

Instead, you can use additional capabilities to reorganize and index the data you have, or at least the data business employees might need — not just consumers’ PI. This way, your company will improve its corporate memory. Moreover, employees will be more efficient while working with accessible, exhaustive and searchable data, won’t lose business opportunities and will keep contributing to the company’s long-term growth.

4. Achieve audience loyalty and trust.

To truly benefit from the privacy legislation, it’s important to step up and voluntarily take extra responsibilities by extending privacy requirements to all of your clients, not just those who are protected by the CCPA (California consumers), the GDPR (EU residents) or any other standard. By meeting customer demands for data privacy globally, your business will create a stronger bond between your brand and clients.

This can be used as part of impactful positioning that will give you a competitive advantage and help you stand out from the crowd. You can demonstrate to clients that your company is done with annoyingly formal checkboxes and cookie notifications. Instead, show that you are eager to provide them with a clear privacy policy statement explaining how all your customers can benefit from entrusting you with their PI and what measures your company takes to secure it.

The greatest way to tackle data privacy is by being honest and straightforward about it. When people become increasingly suspicious about their privacy, such an attitude is a way to go.

5. Revamp the security strategy.

The cost of data breaches and business downtime due to theft or loss of critical data continues to grow. So, another benefit of privacy legislation is encouraging companies to overhaul their security policies.

Indeed, it is almost impossible to only protect regulated data and leave the rest of the IT infrastructure out of scope. Therefore, your company will have to establish stricter control over activity across the entire IT environment, initiate solid data protection workflows and better comprehend IT risks. In the long run, this will help you invest more adequate resources in security and decrease the risk of severe security incidents.

There’s no doubt that achieving compliance with data privacy laws is stressful and resource-intensive, and many companies will be prone to taking a formal approach to it. However, don’t be shortsighted. Adhering to data privacy standards is more than marking a checkbox — it is a way to greatly boost your business, stay ahead of the competition and meet the global demand for business consciousness and respect for human privacy.

Read the original article, here.

Cybersecurity isn’t getting any easier. To better understand the day-to-day reality for IT teams we recently commissioned a survey of 3,100 IT managers in 12 countries.

This independent, vendor-agnostic study revealed a number of common challenges:

• Security: 68% of organizations had experienced a threat that got through their defenses in the last year, 90% of which were running up-to-date cybersecurity at the time.
• Visibility: 43% of network traffic is unclassified, meaning IT teams are unable to see and control it.
• Resourcing: 2 in 3 IT managers say their budgets for cybersecurity (technology and people) is too low, and 80% wish they had a stronger security team in place.

As these results show, despite ongoing investment in cybersecurity the traditional approach isn’t working. Why? Because cybercriminals connect multiple techniques in their advanced attacks, but most security products still work in isolation.

It’s time for a different approach.

Synchronized Security is the cybersecurity system where Sophos endpoint, network, mobile, Wi-Fi, email, and encryption products work together, sharing information in real time and responding automatically to incidents:

• Isolate infected endpoints, blocking lateral movement
• Restrict Wi-Fi for non-compliant mobile devices
• Scan endpoints on detection of compromised mailboxes
• Revoke encryption keys if a threat is detected
• Identify all apps on the network

Everything is managed through a single, web-based management console, so you can see and control all your security in one place.

The Best Threat Intelligence Technology at the SC Awards 2019 Europe is testimony to how Synchronized Security is transforming the way organizations manage their security.

By automating incident response, delivering new security insights, and simplifying management  it reduces risk, enhances cross-estate visibility, and enables organizations to scale their security without scaling their resources.

Watch this short video to hear what our customers have to say about Synchronized Security.

Read the original article, here.

Sophos announced the launch of Intercept X Advanced for Server with EDR, bringing the power of Endpoint Detection and Response (EDR) to Intercept X for Server.

EDR gives you the ability to proactively hunt down evasive threats across your server estates (and endpoints with Intercept X Advanced with EDR), understand the scope and impact of security incidents and to confidently report on your security posture at all times.

EDR also allows you to:

• Search for indicators of compromise across the network
• Prioritize events for further investigation
• Analyze files to determine if they’re potentially unwanted or true threats
• Answer tough compliance questions in the event of a breach.

Evolving EDR

EDR is designed to investigate the grey area of files that are suspicious but cannot be immediately identified as malicious or benign. That’s fantastic in theory, but the reality for many organizations is that EDR tools require a level of knowledge and time investment that simply cannot be met.

At Sophos we take a different approach. We start with the strongest layer of protection that blocks the latest threats like ransomware and exploits, and also reduces the grey area of suspicious files that need investigation. In effect this means there is less to investigate and it is easier and faster to find the needle in the haystack.

On top of that you get the latest threat intelligence from SophosLabs helping you to make an informed decision on whether a file is benign or malicious.

Download the datasheet to learn more and then try it for free. If you’re a Sophos Central user, you can start a trial directly from the console.

It’s now one year on since the GDPR came in to effect – a regulation with an aim to standardise data protection laws across the EU, increase the privacy and protection of personal data and extend the rights of the data subject. So what has happened since GDPR go-live this past year, and what have we learnt?

According to IAPP research, since go-live, over 500,000 organisations have a registered Data Protection Officer in place – a new required position under the regulation for organisations meeting certain criteria that oversees compliance and data protection obligations.

The new regulation has prompted over 200,000 cases to have been created by data protection authorities and over 94,000 complaints received, ranging from right to erasure to unfair processing.

The GDPR overhauled and detailed new requirements for data breach notifications, which has seen a major increase in reported data breaches – estimated at over 64,000, and in some countries more than double the previous year’s amount.

The hottest topic related to GDPR was how infringements would equate to fines for organisations at fault – to date over €56,000,0000 fines have been issued as GDPR enforcement actions, however, the largest single fine was issued to Google and contributed to the majority of the global total at over €50m.

GDPR and the rest of the world

It should not to be forgotten that the GDPR is applicable not only to EU countries, but any country that holds EU citizen data and although only a small proportion of the total number, this past year has seen almost 300 cross-border cases raised.

Although described as an evolution rather than revolution, the GDPR has ushered in similar data protection regulation proposals across the globe. The California Consumer Privacy Act (CCPA) has been signed in to law with further deadlines to agree and adopt the legislation, although currently only at state level, it’s looking likely the U.S will adopt a GDPR style regulation nationally in the future.

Brazil, Latin America’s largest economy and its Lei Geral de Proteçao de Dados (LGPD) regulation has been modelled directly after the GDPR for 2020, and Australia have solidified data breach notification requirements since 2018 with the Australian Privacy Act amendment.

What have we learnt?

The data is enough to show a turn of the tide on the protection of personal data and enforcement for those who fall short, still – year one is a transition year and with that, we should expect a lot more movement in following years.

The positive note is that it’s not only organisations who are waking up to the need to protect personal data, but other countries now who are adopting similar style approaches for their own citizens personal data.

We have learnt that since the GDPR has been enforced, the majority of businesses have had an enormous amount of resource and investment required to offer the level of protection of personal data, which the average citizen may have been surprised hadn’t previously been in place.

The general consensus is that there is still a long way to go until a GDPR style approach to data protection is realised globally.

Data classification and GDPR compliance

If you want to learn more about how data classification supports GDPR compliance by visual labelling, enhanced workforce awareness of the value of the data used and metadata labels facilitating data security, data management and retention policies, then download our resource: EU GDPR – Protect Sensitive Personal Data On EU Citizens Fact Sheet or request a data classification demo.

Discovering that you’ve been the victim of a breach is never pleasant. Perhaps your customers’ data was stolen and now sits in the wilds of the internet. Maybe your intellectual property and trade secret were compromised. Or you could be concerned the adversaries are still actively lurking on your network.

If this is you, you should have a couple of things already in place, including a well-rehearsed response plan and a digital forensics and incident response (DFIR) retainer. Both help prevent you from having to mobilize a strategy and find expert help during a time of unfolding chaos.

That said, if you’re at the point where the rubber meets the road, it’s time to get moving. Here is what you can expect will be necessary to accomplish in the hours, days, weeks and months following a breach discovery. Part of the burden will naturally fall on you, but outside help is available to amplify your efforts or compensate for any internal resource shortfalls.

1) Make the call.

If you can’t handle the full spectrum of breach response yourself, get in touch with a DFIR investigator immediately. The faster they can begin their investigation, the better.

2) Document the situation.

Back in my university days, I was a Canadian Navy Reserve officer. A useful lesson from training school that applies here is that before starting any mission, document your situation. Write down the systems/data that have been impacted by the breach, methods that could contain the situation, and how those methods might affect your operations, data, and evidence.

3) And document some more.

Time will speed up as you’re investigating a breach. You’ll be working on it, while also providing updates to others and figuring out next steps. Because of the pressure, it’s easy to forget steps if you’re not recording them. Keep a record of what actions are being taken and when. This detail will help immensely when you’re restoring systems and tracking evidence.

4) Make copies.

Back up systems and data before making any changes. You might need that data later if changes don’t go well, or you might want to further study any malware or viruses on affected systems.

5) Identify what else might be affected.

When an incident is identified, determining which systems are affected is the easy part. More difficult is tracking how those systems interact with the rest of the network, what information may be on them and how that information could enable an attacker to pivot to other systems. It’s better to be wrong and assume the worst than assume attackers got no further than the initial target.

6) Implement containment.

Many options exist to stop the bleeding. Remove compromised systems, update firewall rules, change passwords and more. These steps probably won’t constitute a final resolution, but they will give you time to put a more comprehensive solution in place.

7) Review breach notification requirements.

Ideally you already have this information available in your incident response plan, but if you don’t, you should know that requirements vary by state, country and even industry. And in some cases, you will have to provide notification for a region even if the affected systems weren’t in that region (e.g., if personnel in that region were impacted).

8) Consider legal counsel.

Lawsuits are a common outcome following breaches, but your liability can be managed. Depending on the systems and data affected, you might want assistance from a law firm that specializes in cyber law.

9) Notify stakeholders.

In addition to your requirements to provide breach notifications, you will likely want to proactively notify customers, partners or other interested parties if their data was affected or potentially affected. In your notification, you’ll want to include what actions they should take to protect their own systems and data.