The latest and greatest from Sungard AS



Data Centre

Recovering from a data breach

11th April 2016

A data breach can prove hugely damaging for any business. As well as the direct financial repercussions of payouts and fines, the longer term reputational impact can be difficult to overcome. Over the last year or so we’ve seen businesses from a broad range of sectors affected, from startups to huge multi-nationals. The vulnerabilities that enable these data breaches to occur can be the result of human error, a malicious former or current employee, or a cyber-criminal working from the outside. In any case, businesses should be aware of the best ways to react and respond to data breaches, in order to prevent similar incidents from happening in the future.

What to do when a data breach occurs

When a data breach occurs, the most important thing for a business or IT team to remember is to stay calm. Keeping a clear head will enable staff to work quickly, but responsibly, to assess the damage.

The first stage of this assessment, of course, is identifying that a data breach has occurred. If the breach was poorly executed there may be some tell-tale signs, such as the discovery of malware, reduced computer speed or simply any kind of unusual system activity. However, more sophisticated attacks will be difficult to identify, which is why so many businesses only realise they’ve experienced a data breach months afterwards. Fortunately, advanced breach detection tools are now gaining popularity with many organisations.

Once you’ve determined that a breach has occurred, it’s time to grasp the damage caused. Firstly, note the time and date of the breach, secure the premises to preserve evidence and take affected systems offline to prevent further data loss. Then, employ third-party or in-house forensics teams to collect information and determine the scope of the damage. Legal teams should also be consulted to evaluate any regulatory issues and identify what level of disclosure is required.

Once the damage has been assessed, the recovery process should then focus on preventing a similar attack from taking place in the future. The best way to achieve this is to learn from any mistakes or vulnerabilities that are present in your existing security systems. Understanding how the breach occurred is the first step to patching any security holes. Frequent vulnerability assessments, combined with regular software updates will also ensure that business defences are as robust as possible. Third party vendors, like Sungard Availability Services, can also be employed to provide comprehensive security and compliance services to provide businesses with the IT solutions and expert support required to stave off future attacks.

Although businesses would like to be able to prevent all future data breaches, in reality this is not possible. The evolving nature of cyberattacks and the ever-present possibility of human error means that it is usually a case of when, not if, a breach will occur. Before disaster strikes, businesses should assemble a response team to coordinate the company reaction to a data breach. It is vital that key tasks, along with timeframes and budgets, are outlined.

A cultural change can also help prevent future data breaches. Encourage employees to consider and implement data protection strategies into their daily work. Regular training, alongside data breach trial runs, will help keep employees vigilant against the cyber threats targeting your business. Organisations will also benefit from clear security policies, including data authorisation protocols, mobile device management and encryption software.

Although all businesses would rather prevent than react to a data breach, it is important for all organisations to be able to recover from disruption. By acting quickly and calmly, businesses can isolate the source of the breach, collect evidence and evaluate the best way of preventing repeat incidents. Perhaps the most important thing for businesses to remember is to document every aspect of their data breach incident, from discovery to disclosure. The cyber threat landscape is evolving all the time and businesses must evolve too if they wish to avoid becoming the next data breach headline.


For help managing your IT resources, Sungard AS consulting services provide businesses with world-class expertise that ensures they are prepared for anything that the cyber threat landscape throws at them.