The 5 Stages of a Security Breach May 23 2017 The recent cyber breaches including WannaCry which affected Microsoft products and most recently, a new malware called “XData” in the Ukraine, have highlighted the reality that cyber attacks happen to people and companies at all levels. Hackers and cyber attackers do not discriminate from the mom and pop shop who use a software program to keep their business records to the large enterprise that has its own information technology team. That’s why it’s time to do something now before you find yourself going through the five stages of grief when it comes to a cyber breach. Stage 1: Denial No one likes to admit when they’ve done something wrong, and most people don’t think they’re vulnerable or that something bad could happen to them. The fact of the matter is everyone is at risk. It’s not a matter of if a cyber breach will occur but when. The Identity Theft Resource Center reported almost 400 breaches containing 7.4 million records in the first three months of 2017. The 2017 Verizon Data Breach Investigations Report finds that of the reported incidents and data breaches it analyzed in the past year, 81 percent involved stolen or weak passwords 73 percent of breaches were financially motivated 66 percent of malware was installed through malicious email attachments. Turning a blind eye will hurt your customers, your pocketbook and your reputation. Stage 2: Anger Your company’s data was breached, and now a lot of people are upset. Your boss is angry and doesn’t think you did your job – it might not hurt to polish up that resume – and it became worse once your customers were notified. If the media becomes involved and the breach goes viral, misinformation and anger will reach epic proportions, adding to the confusion. When your customers aren’t happy, nobody’s happy. Remember The Home Depot and Target’s 2013-2014 data breaches in which millions of customers’ credit cards, debit cards and non-card customer records were compromised? Their customers no longer have the same trust in them as a company and are upset it didn’t have the proper systems in place to prevent the breach. Your company’s reach may not be as wide but the effects are still the same. Stage 3: Bargaining Damage control is in full force. Existing clients need to be courted to prevent them from becoming former clients. They need quality customer service to assure them the company will make things right and offer better protection of their information in the future. This could result in paying for free credit monitoring services to keep people happy and put their minds at ease. If ransomware was used to breach your system, you may need help from a security services provider or negotiate a lower ransom rate to regain the company’s information. Hacker’s demands aren’t always about money. The group that claimed responsibility for the Sony Pictures hack in 2014 demanded the company cancel the release of a comedy called “The Interviews” as well as monetary compensation. Regulators may also be involved if you’ve let sensitive data be vulnerable to breach. And depending on the forgiving nature of your boss, you may be negotiating to keep your employment with the company. Stage 4: Depression This can become a critical time in which the company is dealing with a substantial amount of loss: data, capital, clients and customers, money and its reputation. You and those responsible may or may not lose your jobs. Depending on the backlash from customers, you could have a lawsuit on your hands. The Home Depot reported it incurred $163 million in net expenses from the 2014 data breach that resulted in 57 class-action lawsuits filed in the United States and Canada. Target’s 2013 breach cost the company $220 million in net expenses including a settlement for $18.5 million on May 23, 2017. Customers may feel hopeless, especially if they’ve experienced any identify theft or fraud. You might also face stiff fines from regulators for the data breach. Stage 5: Acceptance You know things went terribly wrong. Now you have to fix them and prepare for the future. The biggest step toward acceptance is realizing security threats will never go away. You can thwart some of them but not all. That’s why cyber security is a continual process of assessing whether your data is safe and finding new methods to keep it secure. Security services, likely from a third party, will need to be put in place to ensure your company has the systems in place to safeguard against cyber breaches. A Security Gap Analysis, Disaster Recovery(DR) or Business Continuity Plan, a DR Test, and an Incident Response Plan are all actions you should take to protect your organization and prepare for future attacks.. Acceptance will make you a wiser company and help you draw and retain more customers. ACS has successfully helped organizations like yours reduce their risk and mitigate the effects of a harmful breach. Our certified Security team will work with you to assess your environment and develop and implement strategic Security, Disaster Recovery, and Incident Response plans to secure your organization. Speak with a trusted advisor today.