Incident Response and Recovery
With daily headlines and ubiquitous information relating to data breaches, it’s no longer a question of if, but when, your business is going to be breached. Suffering a data breach will not always lead to a catastrophe; however, mishandling your company’s response most certainly will.
How your company responds to a data breach may ultimately define the future of your business. Many companies aren’t aware of their obligations for correctly investigating a data incident and can cause more damage by mishandling the investigation than the breach itself caused. Many companies still don’t have a Data Breach Incident Response Plan, whilst those that have one may never have tested the effectiveness or practicality of the plan.
Investigation Process
Many businesses are still unaware of the correct procedures for investigating a data incident, often blindly relying on their IT team or third-party provider for assistance. Not all incidents are notifiable data breaches; however, they should all be treated as such until proven otherwise.
The typical response for many companies is for IT to contain the breach, reactively investigate some logs, restore from backups and return the business to normal operations as soon as possible. This approach may expose your business to additional risk by deleting or destroying potential evidence, or by altering the chain or continuity of evidence, and may thus lead to non-compliance.
Most data breaches are considered high-tech crime offences, as defined in Commonwealth legislation within Part 10.7 – Computer Offences of the Criminal Code Act 1995, and the crime scene, whether physical or cyber, should therefore be treated accordingly.