At the Experience Analytics Conference hosted by Deloitte late last year, a unique and thought-provoking experiment on data theft was conducted.
The discussion focused on how one would prepare for and respond to a data breach. A simulation was built around a data breach scenario: participants were asked to imagine that they were employed at a fictional airline company that was being blackmailed over a data breach. The cybercriminals threatened management that they would publish client and customer data stolen from this fictional airline if a ransom of over £300,000 was not paid. Participants were divided into groups, but a common train of thought was observed: during the experiment, every team sought to postpone its decisions and actions until it had a clear idea of the kind of data that had been stolen.
This experiment highlighted the importance of companies having predefined processes and guidelines for responding to data breach scenarios. Every group displayed a difference of opinion on a variety of questions concerning the problem: Should the ransom be paid? How and when must the regulators be informed? Does the information need to go out to the media? Since a data breach must be reported to the regulators within 72 hours, being pressed for time in a situation like this can be frightening. The experiment revealed a troubling possibility: a real data breach would be the worst possible time to discover an internal conflict within management over the right action to take.
Even with specific data breach response policies and procedures in place, stakeholders and management will be reluctant to commit to any particular course of action unless they have a precise understanding of the type of information stolen by the hackers.
Some of the typical questions that come up with a company at the time a data breach is exposed are:
- What kind of information was taken? (personal, private, financial, proprietary, etc.)
- How did the data breach come about?
- Did the hackers actually breach our data?
- How did the cybercriminals steal the information? Are our systems still vulnerable to them?
- What is the extent of damage, and who exactly has been affected?
While the cybercriminals themselves will reveal the kind of information that has been stolen, where it originated and how it was taken can be a sore point for the organisation in a real situation.
In today's advanced and sophisticated IT environments, information is spread across systems and networks, both internally, on computing terminals within the company, and in the cloud. Almost every industry today is in the throes of a data-driven digital revolution. The pressure to innovate swiftly by using personal information to build more meaningful experiences for clients is increasing across industries and sectors. Hence today's IT landscape is not only complex but also dynamic and evolving.
Discovering where data has been breached can be an enormous task. In critical situations, organisations must concentrate on the best possible outcome, while ensuring that every decision made works towards accomplishing that result. All of this must be done swiftly to make the right choices in responding to a data breach. But before a breach ever happens, preventive measures can significantly cut down the risk of theft and exposure.
Implementing a Digital Rights Management (DRM) solution is a secure and reliable preventive measure that controls access to your data and its movement while identifying suspicious behaviour. It offers you complete control over the documents and files in your organisation through robust encryption, licensing controls, and DRM controls, providing advanced protection against data breaches. Classified information stored in Word and PDF files can be protected from unauthorised access through DRM, and the use of content within those files can be tightly controlled for authorised users: for example, whether a document can be printed or edited, or whether content within the document can be copied and pasted. DRM also enables you to control where information can be used (e.g. in the office only) and on which devices.
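The licensing model described above, written out as an added illustration rather than any vendor's code: a hypothetical licensing server issues an HMAC-signed licence that binds a document to a user, a set of permitted actions (view, print, edit, copy), approved devices and locations, and an expiry; a document viewer then denies by default, refusing any action the licence does not cover or whose licence has been tampered with. The secret key, document names and device/location labels are constructed for this example.

```python
import hashlib
import hmac
import json
import time

# Hypothetical secret held only by the DRM licensing server (constructed for this example).
LICENSE_KEY = b"example-licensing-server-secret"


def _canonical(claims):
    """Serialise claims deterministically so issuer and verifier sign the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_license(doc_id, user, actions, devices, locations, expires_at, key=LICENSE_KEY):
    """Issue a signed licence: document + user + permitted actions + approved
    devices + approved locations + expiry (Unix time)."""
    claims = {"doc": doc_id, "user": user, "actions": sorted(actions),
              "devices": sorted(devices), "locations": sorted(locations),
              "exp": expires_at}
    sig = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def check_action(lic, doc_id, user, action, device, location, now=None, key=LICENSE_KEY):
    """Viewer-side enforcement. Returns (allowed, reason) and denies by default:
    a bad signature, an expired licence or any mismatch blocks the action."""
    now = time.time() if now is None else now
    claims = lic["claims"]
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, lic["sig"]):
        return False, "licence signature invalid"      # tampered or forged licence
    if now > claims["exp"]:
        return False, "licence expired"
    if claims["doc"] != doc_id or claims["user"] != user:
        return False, "licence not issued for this document/user"
    if device not in claims["devices"]:
        return False, "device not approved"
    if location not in claims["locations"]:
        return False, "location not approved"
    if action not in claims["actions"]:
        return False, "action '%s' not permitted" % action
    return True, "allowed"


if __name__ == "__main__":
    # Constructed demo: Alice may only view the contract, in the office, on laptop-01.
    lic = issue_license("contract.pdf", "alice", ["view"], ["laptop-01"], ["office"], 2_000_000_000)
    for act, dev, loc in (("view", "laptop-01", "office"), ("print", "laptop-01", "office"),
                          ("view", "laptop-01", "home")):
        print(act, dev, loc, "->", check_action(lic, "contract.pdf", "alice", act, dev, loc))
```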
Coming back to the original question of this topic, would you stand up to the ransom? The experiment revealed that almost every group at the fictional airline company chose not to pay, for a variety of reasons. Among those cited were strong organisational principles and distrust of the hackers, to name a couple. One particular group chose to pay the ransom, considering it to be a viable solution. However, the experiment revealed that paying did not work: the hackers published the data regardless of whether the ransom was paid or not. This is not necessarily indicative of a real-life scenario, but since there is no conclusive answer to situations like this, it makes all the more sense to have document security measures such as Digital Rights Management in place to help prevent a real-life data breach.