Recent insight from Forrester information security analysts John Kindervag and Rick Holland may leave a number of IT professionals feeling conflicted. According to the duo's latest report, Planning for Failure, network administrators often unwittingly destroy valuable cybercriminal evidence in their rush to patch security vulnerabilities in the immediate aftermath of a data breach.
"You must decide if you want to prosecute before you remediate," the report argues, according to Network World. "Things work differently in real life than it does on your favorite crime investigation show. Too often, companies clean up a breach and then decide later they want to find and prosecute the perpetrator. Unfortunately, they've just cleaned up most of the evidence, and true justice becomes illusory."
Unfortunately for data security professionals, it seems these incidents may represent a time for choosing the lesser of two evils. According to Network World, keeping security loopholes open to preserve evidence could expose a company to further danger. There is also no assurance that law enforcement officials will be prepared to facilitate the investigation in a timely manner.
But regardless of the data breach resolution strategy ultimately selected, time is of the essence. Kindervag and Holland advise companies to "make an investigation and prosecution decision immediately" after discovering the issue, according to Network World.
It remains to be seen how the global IT community will respond to this insightful, albeit discouraging, news.
Data breaches continue to be a prevalent concern in the private sector, as companies often suffer significant operational and reputational effects as a result of such incidents. According to CIO Insight, less than half of businesses classify their reputation and brand image as a resilient asset, with many fearing irreparable damage from data breaches. For many corporations, these are valid concerns, as millions of dollars are at stake.
The public sector has also seen its fair share of data breaches lately. According to CBC News, the Canadian government is one such organization suffering the ill effects of cybercrime. Citing data from Telus-Rotman researchers, "insider" data breaches have risen 68 percent in the nation since 2008, and nearly 30 percent this year alone. When such incidents occur, everything from economic to national security can be compromised.
It may be a natural response for IT teams to go after the perpetrators responsible for these damages, but as Forrester cautions, anger should not be the primary consideration shaping resolution plans.
Data Security News from SimplySecurity.com by Trend Micro