Dedicated Server Data Breach and your Incident Response Plan
Unfortunately, it is often necessary to expect a dedicated server data breach and to have a plan for dealing with one. That plan can cover the speed of your reaction, how the announcement is made and how the breach is resolved. A company may not recover from an outside attack if it handles the attack improperly and is vague about how it succeeded. At the same time, it is advisable not to reveal too much about how the attack succeeded, in case hackers can exploit the vulnerability again, especially if it involves incidents outside of a company's control such as BYOD devices, phishing attempts or spoofing. It can be best to keep staff and employees informed and updated on how the breach occurred, but not necessarily to alert every visitor outside of the company.
Determine what is most at stake and most valuable to an online business. Is it data, reputation, user privacy, basic security or something else? Determining the correct course of action, and knowing it before an event, is vital. This preparation, known as an Incident Response Plan, will help speed up any effort to recover from such an event.
The cost of a breach
The Ponemon Institute interviewed over 1,000 individuals in 9 different countries and found that U.S. organizations had some of the most expensive dedicated server data breaches, averaging $188 per incident recorded. The U.S. also came out on top for losses due to these breaches, totaling $5.4 million. Malicious and criminal attacks were by far the most costly of all data breaches, at $277 per record.
The stronger the security defenses that are in place, the less the damage should be. Notifying data breach victims will help stop the attack from being as successful as it could be. If the company is targeted, assist those who were affected by the data breach. Obtaining help from an outside service whose expertise is in dedicated server data breach damage control and investigation can also help significantly.
Incident Response Plan
Speed is of the essence. If the targeted company is always lagging behind in recovering from a dedicated server data breach, the attack will remain successful for longer than it needs to. This is why an IRP is vital in staying ahead of an ongoing attack. Can you disconnect the server or disable ports and investigate via IPMI or KVM? Can you block all connections except a very small number of IPs? How quickly can an outside security service assist and patch up a vulnerability? This list can go on, and the questions that matter most will depend on the particular online business. Make sure you have your plan set up and ready to go when the time requires it.
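One way to prepare the "block all connections except a very small number of IPs" step ahead of time, as an added example that is not part of the original article: a shell function that validates a responder allowlist and prints an nftables ruleset for review. The table name `ir_lockdown`, the set name `responders` and the addresses are assumptions made for illustration; a host firewall like this leaves out-of-band IPMI or KVM access unaffected.

```shell
# Added example: prints (does not load) an nftables containment ruleset.
# Table/set names and sample addresses are constructed for illustration.
# Succeeds if $1 is dotted-quad IPv4, optionally with a /0-32 prefix.
is_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Default-drop in and out; only loopback and allowlisted IPv4 peers pass.
# No "ct state established" rule, so existing sessions are cut as well.
build_lockdown_ruleset() {
    [ $# -ge 1 ] || { echo "refusing: empty allowlist" >&2; return 1; }
    elements=
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "refusing: bad address '$ip'" >&2; return 1; }
        elements=${elements:+$elements, }$ip
    done
    cat <<EOF
table inet ir_lockdown {
    set responders {
        type ipv4_addr; flags interval;
        elements = { $elements }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ip saddr @responders accept
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ip daddr @responders accept
    }
}
EOF
}

build_lockdown_ruleset 203.0.113.10 198.51.100.0/28
```

The output can be syntax-checked with `nft -c -f -` before it is loaded, and removing the `ir_lockdown` table lifts the lockdown once the investigation allows it.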
Discover. Fix. Prevent.
An attack has not been brought to a successful conclusion if you never determine how the dedicated server data breach worked. Determining how the attack succeeded and what was done to stop it permanently is vital. Clients will definitely want to know how the attack is being resolved. They should also know if they need to take action on their end. Being transparent in such an event is better than trying to cover up a breach. Again, the technical details of how the attack was pulled off are not necessarily required; however, general information on how the attack was done and a workable resolution is a must. Attempting to tell all users that they need to update their security is, in many cases, not a solution. It would be highly advisable to make the dedicated server's own security measures stricter, even if that may inconvenience users. This is where speed and communication are key in minimizing the possible hassle users may experience and in explaining why it is being done.
It can indeed happen in many cases that the company itself was not at fault. Instead, the breach could be due to a third-party service. This can involve web-based control panels, attacks on the data center, software vulnerabilities, hardware etc.
A current attack may be detected by security software and thus the incident can be discovered immediately, stopped and the defenses made stronger in that particular area of attack. Hopefully, such an attack can be a learning experience for future server hacking attempts.