Data Breach Response Guide - Experian


Data Breach Response Guide
By Experian Data Breach Resolution
2018-2019 Edition

Foreword

Data breaches are on the rise: in 2017, 5,207 [1] incidents were reported worldwide, and 1,579 [2] originated in the U.S. alone. Given this environment, it’s critical for businesses and consumers alike to take cyber security seriously.

Every day, organizations continue to battle sophisticated cybercriminals who continuously evolve their tactics and techniques to access and profit from valuable, sensitive information. Regardless of your organization’s size, the threat of a data breach continues to increase. While the number of data breaches making headlines seems to have quieted in comparison to last year’s avalanche of highly-publicized events, this decrease doesn’t equate to a safer cyber environment. Instead, it suggests cybercriminals are growing more advanced in their ability to access sensitive materials undetected.

Ensuring you have the right people and processes in place before an attack occurs can make a significant difference in how an attack impacts your company’s operations, reputation and bottom line. When your organization experiences a data breach, time is of the essence. The longer it takes for your organization to respond after an attack, the bigger the hit to your company’s reputation and customers’ loyalty. By acting swiftly and strategically, your company can get back to business as usual.

There is room for growth when it comes to preparing for a breach. Despite the increased risks around a breach and the emphasis these risks put on preparation, Experian’s 2017 Annual Data Breach Preparedness Study found just 19 percent of employees thought their organization’s data breach response plan was highly effective. Additionally, only 31 percent of respondents were confident in their organization’s ability to recognize and minimize spear phishing incidents, while even fewer (21 percent) were confident in their organization’s ability to deal with ransomware. With a growing number of organizations having a data breach response plan in place (88 percent) [3], it’s clear that the majority of companies want to be prepared, but understanding and infusing industry best practices is critical for an effective plan.

It’s vital for organizations to take the initiative and prepare for the inevitable. Regardless of where your organization falls on the preparedness scale, there’s never been a more important time to boost your efforts.

The likelihood of a data breach will only continue to climb, but the measures you put in place today can greatly minimize the damage and disruption to your organization. This guide is intended to be a useful tool and resource for any organization looking to improve its cyber security and preparedness efforts. Data breach preparedness is no longer optional in our current threat landscape – your customers, reputation and future demand you take steps to formulate a concrete response plan today.

Sincerely,
Michael Bruemmer
Vice President
Experian Data Breach Resolution

[1] 2017 Year End Data Breach Quick View Report, Risk Based Security, 2018
[2] ITRC Data Breach Report 2017, Identity Theft Resource Center, 2017
[3] Fifth Annual Study: Is Your Company Ready for a Big Data Breach? Ponemon Institute, 2018

Contact us at 866.751.1323 or visit us at experian.com/databreach

Table of Contents

Foreword
Introduction
Keeping Pace with Cybercriminals
Engaging the C-Suite
Creating Your Plan
Start With a Bullet-Proof Response Team
Engage Your External Partners
Influencers
What to Look For in a Partner
Additional Considerations
Selecting Legal Partners
Incorporating PR and Communications
Managing International Breaches
Practicing Your Plan
Responsibilities of Your Team
Implementing a Simulation Exercise
Developing Your Simulation
Developing Injects
Quiz: How Prepared Are You
Responding to a Data Breach
The First 24-hours
Next Steps
Managing Communications and Protecting Your Reputation
Protecting Legal Privilege
Taking Care of Your Consumers
Auditing Your Plan
Areas to Focus On
Preparedness Audit Checklist
Helpful Resources

2018 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners.

Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.

Introduction

When a company experiences a data breach, the effects are felt far beyond the walls of the tech and security teams.

Since 2005, more than 1,104,625,430 records have been compromised as the result of a data breach. [4]

From legal to customer service to the executive team, every employee should be aware of and prepared to participate in a robust data breach response plan. Last year, the Identity Theft Resource Center (ITRC) reported the number of U.S. data breach incidents hit a new record high of 1,579, which is a drastic upturn (44.7 percent) from 2016. This year, as of July 2, there have been 688 data breaches exposing more than 22 million records. [4]

With data breaches becoming a regular occurrence, response plans are a critical component of any business’s cyber security strategy. For companies who are just starting to think about developing a plan or for those looking to update current practices, this guide illustrates what a comprehensive data breach response plan should look like and how to implement one in a way that meets the security challenges that lie ahead.

Identity Theft Resource Center: 2018 Data Breach Category Summary (Report Date: 7/2/2018)

Totals for Category | # of Breaches | % of Breaches | # of Records | % of Records
Medical/Healthcare | 181 | 27.1% | 3,248,545 | 14.5%
Totals for All Categories | 668 | 100.0% | 22,408,258 | 100.0%

Total Breaches: 668
Records Exposed: 22,407,258
2018 Breaches Identified by the ITRC as of: 7/2/2018

[4] 2018 Data Breach Stats, Identity Theft Resource Center

Keeping Pace with Cybercriminals

Ransomware: Ransomware is the top variety of malicious software, found in 39 percent of cases where malware was identified. [5]

The world of cybersecurity is ever-changing.

New threats appear on a daily basis and cybercriminals continuously escalate their techniques and capabilities. If you’re finding it difficult to keep up with the ever-evolving threat landscape, you’re not alone – seven out of 10 organizations report their security risk increased significantly last year. [6]

Tactics and Techniques

While developments in artificial intelligence (AI) and machine learning (ML) enable cybersecurity professionals to predict and identify potential threats, these technologies present a double-edged sword as more and more hackers leverage them to create more sophisticated attacks. With the help of AI and ML, cybercriminals can enhance traditional hacking techniques like phishing scams or malware attacks.

For example, cybercriminals could use AI and ML to make fake emails look more authentic and deploy them faster than ever before, causing more extensive damage to a broader group of people. Cybercriminals are also taking advantage of the rise of Bitcoin, which has given way to a new kind of threat: cryptomining malware. Whether in the form of drive-by mining attacks or scams used to access cryptowallets, cybercriminals are taking every opportunity to exploit the rising value and popularity of cryptocurrencies.

While cryptomining is becoming increasingly popular, cybercriminals still depend heavily on tried and true hacking methods, such as malware and spear phishing, which continue to grow in scale and sophistication. Recently, we’ve also seen an uptick in fileless attacks, which avoid the use of malicious executables and are more successful at bypassing security measures than traditional, file-based attacks. In fact, fileless attacks are 10 times more likely to succeed than file-based attacks. [7]

While anticipating the next approach cybercriminals will take is nearly impossible, we can look to previous and current trends to get an idea of what to expect in the months and years to come. It’s important to remember that while technology advances security measures, cybercriminals can also harness it with malicious intent. Any data breach preparedness program should be updated regularly to accommodate threat changes and risks.

[5] 2018 Data Breach Investigations Report, Verizon, 2018
[6] 2017 Cost of Data Breach Study, Ponemon Institute, 2017
[7] The 2017 State of Endpoint Security Risk, Ponemon Institute, 2018

Engaging the C-Suite

Engagement: Only 39 percent of company C-suite executives know a data breach response plan exists. [8]

The involvement of the executive team greatly determines the success of a data breach response plan.

Lack of leadership engagement in the creation and implementation of a response plan can cause organizations significant challenges in creating a culture of cyber security. Despite the importance of their involvement, most boards of directors, chairmen and CEOs are not actively engaged and often avoid responsibility in data breach preparedness. Less than half of employees (48 percent) say C-suite executives are informed and knowledgeable about how their companies plan to respond to a data breach. Further, only 40 percent of organizations claim their boards understand their specific security threats. [9]

Organizations can help get buy-in and involvement from the C-suite by clearly illustrating the impact a data breach can have on a company’s financial and reputational standing. When working to gain the support of your company’s leadership, consider these data points:

- $148: The average cost per lost or stolen record [10]
- 145,927,550: Number of records compromised in 2017 due to employee negligence or error [11]
- $14: Average cost savings per record with an incident response team [10]
- $3.86 million: The average cost of a data breach [12]

[8] Fifth Annual Study: Is Your Company Ready for a Big Data Breach? Ponemon Institute, 2018
[9] 2018 Data Breach Investigations Report, Verizon, 2018
[10] The 2017 State of Endpoint Security Risk, Ponemon Institute, 2018
[11] 2017 Annual Data Breach Year-End Review, ITRC, 2017
[12] 2018 Cost of a Data Breach Study: Global Overview, Ponemon Institute, 2018

Creating Your Plan

Preparation: Assemble your breach response team to ensure end-to-end preparedness.

Start with a bullet-proof response team

Regardless of the size of your organization, a data breach can have a significant impact on your business. Having a response plan and team in place can help you prevent further data loss in the event of a breach and avoid significant fines and harm to your reputation.

If you’re waiting until the actual discovery of a breach to decide who will be responsible for leading and managing the incident, you’re already too late. A response team should be assembled well in advance and involve the coordination of multiple departments.

The following internal members, external partners and influencers should play critical roles in your response plan:

Customer Care
- Assists in or crafts phone scripts
- Logs call volume and top questions and concerns

Executive Leaders
- Ensures executive management supports team decisions
- Maintains a line of communication to the board of directors and other stakeholders such as investors

Incident Lead
- Determines when the full response team should be activated
- Manages and coordinates your company’s overall response team and efforts, including establishing clear ownership of priority tasks
- Acts as an intermediary between C-level executives and other team members to report progress and problems, and as the liaison to external partners
- Ensures proper documentation of incident response processes and procedures

Information Technology
- Identifies the top security risks your company should incorporate into its incident response plan
- Trains personnel in data breach response, including securing the premises, safely taking infected machines offline and preserving evidence
- Works with a forensics firm to identify compromised data and delete hacker tools without jeopardizing evidence and progress

Legal
- Determines how to notify affected individuals, the media, law enforcement, government agencies and other third parties
- Establishes relationships with any necessary external legal counsel before a breach occurs
- Signs off on all written materials related to the incident

Public Relations
- Determines the best notification and crisis management tactics before a breach ever occurs
- Tracks and analyzes media coverage and quickly responds to any negative press during a breach
- Crafts consumer-facing materials related to an incident (website copy, media statements, etc.)

HR
- Develops internal communications to inform current and former employees
- Organizes internal meetings or webcasts for employees to ask questions

Engage your external partners:

Communications
Communications partners should have experience helping companies manage highly publicized security issues and demonstrate an understanding of the technical and legal nuances of managing a data breach.
- Develops all public-facing materials needed during an incident
- Provides counsel on how best to position the incident to crucial audiences
- Helps to manage media questions

Forensics
Forensics partners have the skills to translate technical investigations of a data breach into enterprise risk implications for decision makers within the organization.
- Advises your organization on how to stop data loss, secure evidence and prevent further harm
- Preserves evidence and manages the chain of custody, minimizing the chance of altering, destroying or rendering evidence inadmissible in court

Data Breach Resolution Provider
A data breach resolution partner offers various services and extensive expertise in preparing for and managing a breach.
- Handles all aspects of account management and notification including drafting, printing and deployment (they should also have an address verification service)
- Provides a proven identity theft protection product, comprehensive fraud resolution and secure call center services

Legal Counsel
Legal partners should have an established relationship with local regulatory entities, such as the state Attorney General, to help bridge the gap during post-breach communication.
- Indicates what to disclose to avoid creating unneeded litigation risks based on the latest developments in case law
- Ensures anything recorded or documented by your organization balances the need for transparency and detail without creating unnecessary legal risk

Influencers

State Attorneys General and Regulators

It is important to establish relationships early with your state attorney general and other regulatory entities to streamline the response process and timeline in the event of a breach. Because the majority of state notification laws now require companies to notify regulators upon discovering a breach, it’s best if they are familiar with your organization ahead of an issue. To be prepared, you should maintain a contact list and know state-specific timeframe requirements for notification. Additionally, it’s important to keep abreast of new stipulations as requirements evolve.

Sixty-nine percent of data breach response plans include procedures for communicating with state attorneys general and regulators. [13]

Law Enforcement

Some breaches require involvement from law enforcement. Meeting with your local FBI cyber security officer ahead of a breach to establish a relationship will serve you well when managing an active incident. Be sure to collect appropriate contact information early on so you can act fast when the time comes and inquire about an up-front meeting. During an incident, law enforcement can help look for evidence a crime has been committed and, in some cases, be the first to discover a breach has occurred.

What to Look for in a Partner

While the right external partners may vary depending on your organization, we’ve identified five important considerations when vetting for your response team:

1. Understanding of Security and Privacy
Regardless of their line of business, partners should have a background supporting different types of data breaches, along with comprehensive knowledge of the entire breach life cycle.

2. Strategic Insights - Can They Answer and Handle “What If” Scenarios?
Partners should provide compelling insights, counsel and relevant tools before, during and after an incident to help your organization better navigate the response and prevent future incidents.

3. Ability to Scale
Select partners who can scale to your organization’s size and potential need during an incident. While the impact may seem small, upon closer investigation, it may be broader than previously thought.

4. Relationship with Regulators
If possible, data breach partners – particularly legal firms – should have established relationships with government stakeholders and regulators. Organizations with a collaborative relationship with attorneys general are more likely to have their support.

5. Global Considerations
If your company has an international footprint, it’s important to identify a partner’s global knowledge base and service capabilities, including awareness of breach laws in different countries or the ability to implement multilingual call centers.

A pre-breach agreement is a contract with a partner executed before a data breach occurs to establish the relationship and ensure the partner is ready when you need them.

[13] Fifth Annual Study: Is Your Company Ready for a Big Data Breach? Ponemon Institute, 2018

Additional Considerations

Modern cyber insurance policies offer several other valuable resources to companies, including access to leading attorneys, forensics investigators, data breach resolution providers and communications firms to help navigate complex incidents. Further, many policies offer additional valuable services ahead of an incident, such as access to risk management tools and pre-breach consultations with response experts.

When selecting a policy, there are several key considerations to keep in mind as part of the process:

»» Work with an experienced broker: Companies should enter the market with a solid understanding of the type of coverage they need, as well as the right partner to assist them in the buying processes. Working with an insurance broker who has specific expertise in cyber insurance will help ensure your company selects the right policy and insurer to meet your needs.

»» Understand your security posture: Being able to demonstrate a strong security program and types of security incidents most likely to impact your organization helps ensure you get the right level of coverage. Working with your insurance broker to demonstrate a strong security posture to insurers can also prove useful when negotiating the terms and cost of a policy.

Despite t
