A data breach – what should you do when you get hit?

Danny Mesrop, Vice President of Sales, Asia Pacific & Japan at Datto

Business leaders no longer need to be told how important cybersecurity is. COVID-19, and the work-from-home orders that followed government measures such as the Circuit Breaker in Singapore and the Movement Control Order in Malaysia, have ensured that even the most sceptical business leaders now understand the role it plays in ensuring day-to-day operations.

Organisations rightly implement cybersecurity strategies and invest in infrastructure to defend against malicious attacks and threats. However, while preventing cyberattacks is important, it’s just as important for businesses to think about “what happens next” if they do fall victim to an attack.

According to Datto’s 2020 State of the Channel Ransomware Report, the average cost of downtime for Southeast Asian (SEA) businesses overshadows the ransom amounts cybercriminals set. Most SEA businesses on average receive ransom requests of up to SGD$8,100; however, the real cost of a ransomware attack comes from downtime. The downtime cost per attack is roughly SGD$193,600 – 23 times greater than the average ransom request.

Ransomware attacks are increasingly common in SEA. In 2020, Singapore saw a 74% increase in ransomware attacks, while Indonesia has the second highest ransomware rate at 2.8 times the regional average, according to Microsoft’s Endpoint Threat Report.

So what does this all mean? For a start, professional services businesses should be particularly vigilant, given they’re the most attacked and are more “attractive” to attackers because of the amount of data they maintain. It also means that, while it’s important to invest in technology that protects against a cyberattack, businesses must also consider how they would deal with a “successful” cyberattack in the most cost-effective way.

Reduce downtime and get back online

When a business suffers a cyberattack that halts operations, the most pressing matter is getting the business back online. In some instances this can take days or weeks, which has major implications for the organisation, its customers and employees. Getting the business up and running again is mission critical.

An organisation’s cybersecurity strategy should include a plan for how the business can become operational again in the wake of a cyberattack. As part of this plan, investing in a reliable business continuity and disaster recovery (BCDR) solution is recommended.

Effective BCDR solutions back up business assets to ensure that in the case of a disaster (e.g. cyberattack, natural disaster, etc.), the organisation doesn’t suffer long and drawn-out periods of downtime. With BCDR in place, the weeks of downtime previously mentioned can be slashed to minutes.

Back online, job done?

Not quite. If an organisation is able to get back online quickly, customers may not notice the disruption to services. However, it’s still important to notify them of the incident, and to do so in line with the guidelines or regulations of the respective country.

For example, in Singapore, the Personal Data Protection Commission (PDPC) implemented a bill in November 2020 that placed mandatory data breach notifications into effect. According to the PDPC’s Guide to Managing Data Breaches 2.0, a data breach refers to an incident exposing personal data in an organisation’s possession or under its control to the risks of unauthorised access, manipulation or any other similar risks.

As part of the mandatory notification to PDPC, affected organisations are required to report the following:

  • Extent of the data breach;
  • Type(s) and volume of personal data involved;
  • Cause or suspected cause of the breach;
  • Whether the breach has been rectified;
  • Measures and processes that the organisation had put in place at the time of the breach;
  • Information on whether individuals affected by the data breach were notified and if not, when the organisation intends to do so; and
  • Contact details of person(s) whom the PDPC could contact for further information or clarification.

As you can see, the follow-up after recovery is not quick and simple for businesses to carry out, particularly in a time of high pressure following a breach. This is why it’s critical for businesses to think about how they manage and respond to a cyberattack (incorporating it into their cybersecurity strategies), just as it is important to invest in technology to prevent attacks.

No organisation wants to be the victim of a cyberattack, as it creates a number of unforecasted costs and has the potential to cause significant reputational damage. In modern business, it is inevitable that cyberattacks will always occur. As such, it is equally important to invest in infrastructure that will protect against them and to have a plan in place to deal effectively with the incident.