Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
After the data breach: Managing the crisis and mitigating the impact
Journal of Business Continuity & Emergency Planning,
9
(4),
317-328
(2016)
Abstract
Historically, the unauthorised access and theft of information was a tactic used between countries as part of espionage campaigns, during times of conflict as well as for personal and criminal purposes. The consumers of the information were relatively isolated and specific. As information became stored and digitised in larger quantities in the 1980s the ability to access mass amounts of records at one time became possible. The expertise needed to remotely access and exfiltrate the data was not readily available and the number of markets to monetise the data was limited. Over the past ten years, shadow networks have been used by criminals to collaborate on hacking techniques, exchange hacking advice anonymously and commercialise data on the black market. The intersection of these networks along with the unintentional losses of information have resulted in 5,810 data breaches made public since 2005 (comprising some 847,807,830 records) and the velocity of these events is increasing. Organisations must be prepared for a potential breach event to maintain cyber resiliency. Proper management of a breach response can reduce response costs and can serve to mitigate potential reputational losses.
Keywords: data breach; cyber attacks; cyber resilience; response planning; crisis management; business continuity
The full article is available to subscribers to the journal.
Author's Biography
Hart S. Brown is the Senior Vice President of Organizational Resilience for the Risk Service Division of HUB International, the global insurance brokerage firm. He has 20 years of experience of crisis management, security and global risk management in both the public and private sectors. Hart has provided services in 50 countries for special events, such as the World Cup, during times of crisis, data breaches, cyber extortions and one of the largest bankruptcies in US history. Hart is the Vice Chair of the ASIS Crisis Management & Business Continuity Council, co-author of the ANSI standard on auditing risk, resilience, security and continuity management, and a member of the CSO Roundtable, OSAC, DSAC, FBI-Infragard and the DHS Fusion Center. He has a BS in radiological health engineering, an MS in safety engineering and is board certified in organisational resilience, business continuity and loss prevention.
Citation
Brown, Hart S. (2016, June 1). After the data breach: Managing the crisis and mitigating the impact. In the Journal of Business Continuity & Emergency Planning, Volume 9, Issue 4. https://doi.org/10.69554/VAYJ4809.
© Henry Stewart
Publications LLP
Publications LLP