Slashdot Mirror

← Back to Stories (view on slashdot.org)

Slashdot Asks: Does Your Company Have A Breach Response Team? (helpnetsecurity.com)

Posted by EditorDavid on from the cracking-the-budget dept.

This week HelpNetSecurity reported on a study that found that "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013.. 'The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently," said Caleb Barlow, Vice President, of IBM Security."

But the most stunning part of the study was that each compromised record costs a company $158 (on average), and up to $355 per record in more highly-regulated industries like healthcare, according to the study -- $100 more than in 2013. And yet it also found that having an "incident response team" greatly reduces the cost of a data breach. So I'd be curious how many Slashdot readers work for a company that actually has a team in place to handle data breaches. Leave your answers in the comments. Does your company have an incident response team ?

23 of 47 comments (clear)

  1. Naw by Anonymous Coward · · Score: 5, Funny

    My company has a breach denial team.

  2. Fortune 500 by tero · · Score: 1

    In words of Alex Stamos (Facebook CISO, back then Yahoo CISO): Fortune 500 consists of "SECURE 100" and "TOASTED 400".

    I'd say it's about right.

    Source:
    http://image.slidesharecdn.com...

    By the way, I highly recommend that talk:
    https://www.youtube.com/watch?...

    1. Re:Fortune 500 by fraxinus-tree · · Score: 1

      SECURE 5 and TOASTED 495 is much, much better approximation

  3. Two questions in return by angel'o'sphere · · Score: 1

    a) due to the lack of a base ball bat, do "Bokken" (jap. wooden swords) count? I have plenty of them :D
    b) does a single man count? Or do I need to be a dwarf for that?

    Oh? You ment a completely different kind of breech? I just pull the DSL connector from the wall!

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  4. No, we have breach prevention by fustakrakich · · Score: 1

    We turn our computers off at night...

    --
    “He’s not deformed, he’s just drunk!”
  5. Nah by Greyfox · · Score: 4, Funny

    They've come up with a much better solution. Their security is just so bad that they never notice that they've been hacked. They seem to think that if they're completely inept, the hackers will feel bad for them and fix some things before they log out.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:Nah by Anonymous Coward · · Score: 2, Funny

      I worked at a place that got hacked, and the only reason anyone noticed is because of the work the hacker did to close the door behind them. A year after they patched the system, there was work on a project and it was returning an error because they were checking for the particular database for both the server type and version. Only after more investigation did someone realize the server was updated and even more that the update was done by none of the IT staff. I don't believe that they ever figured out everything because after the investigation started, they started deleting logs and whatnot. The sad part is, is if they just checked the server type and not the versions, it may not have been noticed at all.

    2. Re:Nah by i.r.id10t · · Score: 1

      Indeed. The college I work for just a few weeks got around to trying to hire a CISO

      --
      Don't blame me, I voted for Kodos
    3. Re:Nah by turbidostato · · Score: 1

      "They've come up with a much better solution. Their security is just so bad that they never notice that they've been hacked"

      And the company is still in business? Then they most probably just followed the strategy that brought them the best bang for the buck. Why they should do anything different? Heck, why anybody should expect anything different?

      For the most part all this security this, security that is just money thrown to theater for no benefit and a lot of money wasted in the way, both for the security-whatever itself, and the inefficiencies and costs of opportunity involved.

  6. Major retailer by Anonymous Coward · · Score: 1

    Yes. I worked for a major retailer who was burned badly in the recent past. They've spent an astronomical amount of money creating a breach-response monitoring center and other safeguards to prevent such a thing from happening again.

    1. Re:Major retailer by Sax+Russell+5449D29A · · Score: 1

      It's too bad this usually happens only after there's been a breach. If security is done well from day 1, there are usually no significant breaches. The downside of "costly" information security is that if it works well, it seems useless to the execs. Seen too many times how they gradually cut the budget to oblivion because they don't get nice little reports detailing how many attacks were blocked and what would've been the associated costs. There's really no solid way of proving the need for strong security measures except trusting the word of people who know what they're doing in that particular area.

      --
      -SR
    2. Re:Major retailer by turbidostato · · Score: 1

      "I worked for a major retailer who was burned badly in the recent past"

      Like... 4$ million? If it is less, that's not even average, according to the (hard to believe) article's summary.

      "They've spent an astronomical amount of money creating a breach-response monitoring center and other safeguards to prevent such a thing from happening again."

      Given that there will be big recurring costs coming along, there's any relationship between the damage from the event and the cost of the response? Or is it that a high executive ego's got too hurt and, well, since it's only corporate money, better big than nothing -and it probably will increase his bonus, on top of that!

    3. Re:Major retailer by turbidostato · · Score: 1

      "I made this original post and no... my group alone (one of many in the corp involved in security) has a $5 mil yearly budget for roughly 20 people"

      So just your team (one in many, as you say) could be "exchanged" by an "average security incident" yearly and your company still would be a 20% ahead. Hard to believe the way your company is targeting "security" is an effective one.

  7. depends on IT criticality by omgwtfroflbbqwasd · · Score: 1

    Of the firms I've worked for, only the large ones (>$20B/yr) that depend heavily on IT had a dedicated in-house incident response team. Smaller shops ($5-20B) or those that rely less on IT would outsource it. Small enterprises with a 1-5 man security team probably have just a written plan that's never tested. Anything under $1B/yr in revenue probably doesn't have a security team at all unless they are an Internet-based company.

  8. Re:Yes. by Bozzio · · Score: 1

    Lemon. Party of 3.

    --
    I just pooped your party.
  9. They are prepared all right by Anonymous Coward · · Score: 1

    If anything like that happens, blame is instantly assigned to a sacrificial goat, the goat's name is passed on to HR, and a cardboard box is deployed.
    Nothing else is changed.

  10. Corporate breach response team by xeno · · Score: 1

    There's a small software company in Redmond that has a long standing well funded breach response team. It's called Marketing.

    (This is only kinda a joke. The SSIRP process was largely developed, funded, and driven by Marketing, with follow-on engineering and remediation by security teams.)

    --
    I think not...(*poof*)
  11. Health care... nope by spywhere · · Score: 1

    I work for a major assisted living provider.
    Not only do we not have a plan, we don't have a clue. Our Windows machines are still running an old version of Java, and everyone is local Administrator. There is no official policy against downloading or installing stuff, so the place is a Festival of Malware. We have three people on the Security team for 60,000+ computers.

  12. Re:Behold the buzzwords of clickbait by dougTheRug · · Score: 1

    This one is just fine, but the crypto-currency article is really really bad. I don't understand it. BTW I couldn't find a single buzzword in this summary. What did you think was a buzzword?

  13. Re:Not Needed by l0n3s0m3phr34k · · Score: 2, Funny

    Did you follow through, and make the "hackers" pay for the wall?

  14. HAHAHAHHAHA! Nope. by epseps · · Score: 1

    I have never experienced such an increase in intrusion threats that have coincided with denial that there is any problem at all.

    Its so bad, I am starting to become one of those tin-foil hat IT guys who is starting to believe that management has been blackmailed by the "hackers" (not yet but that is the road I am on). I also, more seriously, believe that the increase in "Cybersecurity" firms and "Ethical Hackers" correlates to the increase in incidents. The old "Gotta hire a criminal to prevent a crime" is really turning out to be a bad idea.

    The key to security is competent system administrators, but all the older ones are getting canned in favor of younger DevOps who went to "code camp" one summer and used AWS to host an app no one bought.

  15. Yes, we do by Opportunist · · Score: 1

    And I'm part of that team. We have plans and processes for pretty much anything that can happen, down to pre-written statements for the PR goons so they have something to feed to the press while we're finding out what went wrong and detailed instructions for everyone what to do, who to talk with and more importantly, who not to.

    That breach a few months ago, where a company lost multiple million bucks, sure was a wake-up call. Right now, everything that deals with (serious amounts of) money has to go through a very rigid process, whether you're some clerk or the CEO himself. Let's see how long it lasts before our bigwigs get inconvenienced by it enough to return to hand waving, but right now at least we have processes in place that put the process manager in me in my happy place.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. A quote from ... by Fnord666 · · Score: 1

    "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013.. 'The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently,"

    said the guy who wants to sell you a service.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables