In a previous article, I briefly mentioned what a data breach was and gave a general overview of how an organization or entity should handle it. I spoke about how companies can draft a comprehensive incident response plan to tackle any future attacks. But what if you are the person in the company who is responsible for managing and implementing the IT infrastructure? The position I am talking about is that of a Chief Information Officer (CIO) or as most would like to call them ‘the sacrificial lambs of a data breach response.’
Let me give you some background as to why I used that phrase. Suppose a data breach has occurred, and you take the necessary steps to limit the damage done. However, you will not be able to stop the blow it will have on you financially and in terms of reputation. With the level of damage caused, shareholders are considering future risks, executives are worried about getting fired and facing lawsuits, and the board members are also into the play. The average human tendency is to blame someone for a disaster.
So, everyone tries to play ‘pin the blame on the CIO.’ While blaming one person might be unjust, and this is the only option most companies will exercise to thwart the damage done to their reputation. I am not making this up. In 2014, after a data breach of 40 million credit card details and 70 million customer details, the CIO of Target was forced to resign. In 2019, CIO of Equifax had to resign following a massive data breach. The list is quite long.
However, this is not always a losing battle for the you. If appropriate preventive measures are taken, there is a big chance that you will not be shown the door after a breach. So, what should you do in case of a data breach? First, let us understand who a CIO is.
Who is a CIO, and What is their role?
A Chief Information Officer is a job title given to a senior executive in a company that is responsible for managing, implementing, and working with information technology and computer systems. A CIO typically reports to the Chief Executive Officer (CEO).
CIOs need to have proficient knowledge in business and IT to help support enterprise goals. CIOs should possess hard and soft skills to excel at their job. They must know the technology trends and have working knowledge of every department’s functioning to determine their IT needs. They need to be a bridge between IT and non-IT employees. Furthermore, the CIO works closely with the Chief Financial Officer (CFO) by playing a crucial role by using ICT to help control costs and increase profits. They are also responsible for planning for recovery from any possible disasters or incidents.
Understanding CIO’s role in security
Now earlier, I mentioned a couple of people getting sacked over data breaches. That was not meant to scare you off the job. If anything, that should be an extra piece of motivation to have security as your top priority. Now, why should a CIO be involved in security apart from the “sacking” part? CIOs are the best in the company to understand the complexities and working of the IT infrastructure and the services. CIOs should, therefore, extend their focus on these three key areas:
- Internal security awareness programs
- Regular security reviews
- Comply with regulatory standards
- Securing the workplace
- Special data
Now, after all this, if there is a data breach, what should a CIO do?
- First and foremost, do not give up. He/She should not simply throw their hands up and say something like, “The end is near.” As I said in my previous article, it is imperative to act immediately. The goal is to limit the damage and not to see the ship sink.
- The speed at which the CIO and his team can respond to a threat is crucial. Assessing the damage, securing unaffected departments, finding the root of the problems, doing damage control, and shutting down servers and accounts should be done immediately.
- Determine the immediate risk the attack poses to the entire system’s stability.
- Communication is essential. Getting the legal and public relations team on board as fast as the IT team is equally important. Inform the customers, stakeholders, and board members about the attack, its magnitude, and what you are doing to lessen the damage. Physically lock away any servers, PCs, or other compromised resources that are related to the breach.
- Assist the forensics team in every possible way.
- Secure the evidence as you may have to defend yourself and the company in a court of law. Preserve the evidence so that the data can be forensically analyzed and admissible in a court of law.
- Put your incident response plan into motion. Start communicating and taking the lead on every aspect of the plan. Enact different contingency plans as that will keep most of your data immune to the threat.
Cloudanix can help you and your CloudOps teams to minimize the chances of any security lapses. Sign up for a free trial for a better cloud security posture of your organization.
Know more about
- How to respond to a Data or Security Breach?
- DevOps Must Have Top 10 Tools For Collaboration around Cloud Workloads
- If You Are Doing These DevOps Things, You Are Doing It Completely Wrong