
HOW TO RECOVER FROM A DATA BREACH


Over N127 billion is lost yearly to internet fraud in Nigeria; this amount represents 0.08% of Nigeria’s gross domestic product. For businesses, the Internet is a minefield, and you might someday become the victim of a data breach. If that occurs, you’ll need to take rapid action to avert calamity. The following actions must be taken right away to increase your chances of surviving.

Immediately Following a Data Breach: What to Do

In 2021, approximately 71 percent of Nigerian organizations were hit by ransomware, while 44 percent of the affected firms were forced to pay ransoms to get their data back, according to a new report by Sophos, a United Kingdom-based cybersecurity solutions firm.

You will be shocked to know that as of Dec 12, 2021, there is no requirement to report data security breaches or losses to the authorities or to data subjects under the NDPR. However, the Framework mandates Data Controllers to notify NITDA of Personal Data breaches within 72 (seventy-two) hours of becoming aware of the breach.

Time is of the essence when it comes to a data breach. Immediately take these actions to recover from a data breach.

  1. Verify the Breach: One survey of SOC professionals found that up to 50% of breach reports are false positives, meaning that no breach had occurred. It might take a lot of time and money for a security team to investigate false positives. As a result, before putting together a task force, always have your security staff validate that a breach occurred.
  2. Create a task force to address the issue: Create a team to deal with the breach. This keeps all response and recovery operations centralized. Your response will be faster if you already have an incident response strategy, with clear roles for each team member.
  3. Isolate the impacted accounts and machines: Disconnect the affected computer from the network if it has been infected by a virus. You might also need to restrict access to impacted accounts or temporarily disable them. Similarly, you might need to isolate the affected area of your network.
  4. Review the Material: Once the intrusion has been stopped, keep the evidence safe and review it. Make a timeline of the events and take notes. You might need to get in touch with law enforcement or the appropriate authorities at this time. You will have a far higher chance of finding the malicious actor if you preserve the evidence.
  5. Fix the flaws: If a flaw in your system was exploited during the breach, now is the time to fix it and search for additional flaws that a future attack might use. This could involve launching a cybersecurity awareness campaign, or improving an existing one by carrying out phishing simulation exercises.
  6. Avoid Further Breaches: Your organization must provide a sense of security and stability for your clients. You must take action to reassure them that you are making amends if you have had a breach. You should exhibit a more robust security posture. To discover other areas of your program that require improvement, think about performing a penetration test. Consider choosing a new security framework. Their confidence will increase because of this assurance.
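The evidence handling in step 4 and the 72-hour notification window mentioned earlier can be sketched in a few lines. This is an added example, not part of the original article; the log names, line format, user name and entries are constructed sample data and the function names are hypothetical.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed sample evidence (source name -> raw log text); not real data.
EVIDENCE = {
    "vpn.log": "2021-12-10T08:02:11+01:00 login ok user=a.bello src=203.0.113.7\n"
               "2021-12-10T08:40:03+01:00 logout user=a.bello\n",
    "fileserver.log": "2021-12-10T07:15:45Z read share=finance user=a.bello files=412\n"
                      "2021-12-10T07:31:09Z archive created share=finance user=a.bello\n",
}
NOTIFY_WINDOW = timedelta(hours=72)  # notification window stated in the article


def fingerprint(evidence):
    """SHA-256 of every item as collected, recorded before anyone reviews it."""
    return {name: hashlib.sha256(text.encode()).hexdigest()
            for name, text in evidence.items()}


def verify(evidence, manifest):
    """Names of items whose content no longer matches the recorded hash."""
    current = fingerprint(evidence)
    return sorted(n for n in manifest if current.get(n) != manifest[n])


def build_timeline(evidence):
    """Merge all sources into one UTC-ordered timeline.

    Returns (timeline, skipped). Lines without a timestamp that carries a
    UTC offset cannot be ordered reliably, so they are set aside, not guessed.
    """
    timeline, skipped = [], []
    for name, text in evidence.items():
        for line in text.splitlines():
            stamp, _, event = line.partition(" ")
            try:
                when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
            except ValueError:
                when = None
            if when is None or when.tzinfo is None:
                skipped.append((name, line))
                continue
            timeline.append((when.astimezone(timezone.utc), name, event))
    return sorted(timeline), skipped


def notification_deadline(aware_at):
    """Latest notification time, counted from when the breach became known."""
    return aware_at + NOTIFY_WINDOW
```

Normalizing to UTC matters here: the VPN entries look later than the file server entries when read as text, but the login actually precedes the file access once the +01:00 offset is applied.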
