Skip to main content
Microsoft Security

How to recover from a security breach

Experts estimate that ransomware attacks are up over 600 percent. For most companies, the issue isn’t if a cyberattack is going to happen, but when. Some security experts advise that the best way to recover from a security breach is to plan for it before it happens.

Today we take you through:

Strategies for building a plan for a cybersecurity attack

It’s natural to focus on technology and systems during a cyberattack, but it’s just as important to understand how your business is going to respond to the event—internally, to your customers, and to the general public. How do you escalate information and to whom? You often need to integrate input from communications, operations, IT, finance, and other departments. That’s why creating a plan is so important. You want to make sure you can respond quickly and have the right outcomes for your business priorities.

You also need to identify the impact on your systems. Understanding the technology impact during a breach often involves coming up with an internal security operations center (SOC) process flow, decision trees, and a communications escalation process that identifies when you get information, who is told about it, when are they told, and what they need do about it. We often place information into different categories to give us the opportunity to identify information and the business the chance to think things through and build the plan before there’s an actual incident.

Four tips for sharing information with your customers

Companies that contain a security breach in less than 30 days can save millions of dollars. That’s an incentive. But the impact of a breach is more than just financial—it impacts your reputation.

Here are four tips for responding to customers in an efficient, thoughtful way that can mitigate the damage of the attack:

  1. Deliver the right message to your customers after a breach—quickly. Companies used to have the luxury to wait and let the investigation play out before updating the public. Now there is the expectation that if a company has information, it’s doing a disservice to its customers by withholding it.
  2. Be simple and clear. This is where working with your communications team is essential. Practice your communications and response plan before it happens to learn how to improve.
  3. Be cautious. Being transparent and clear doesn’t mean that you have to say absolutely everything about the investigation. In technology, investigations can lead to additional discoveries. Make it clear that the investigation is ongoing and provide updates as the story unfolds. Don’t say anything that you wouldn’t stake your job on, because you might have to.
  4. Divulge any information that could benefit customers who have been affected by the breach and think beyond your business. In 2018, Under Armour reported that their fitness and nutrition app, MyFitnessPal, was hacked. Email and hashed passwords were stolen—affecting 150 million users. Under Armour advised customers to change the password for their app and anywhere it was used. That action demonstrated to customers that the company thought about the impact of the breach beyond their product.

Increasingly companies are expected to think about their customers beyond their specific relationship and consider how a data compromise impacts a customer’s relationship with other companies and accounts.

How to mitigate or prevent cyber incidents

The modern threat landscape is growing in sophistication and volume. As everything is becoming more digitized, there are more ways for bad actors to harm your company.

Here are some best practices that you can use to monitor your environment and combat threats:

Visibility is a key component to effective cybersecurity and monitoring. This includes having a good SOC and visibility into mobile users, remote workers, and business partners. The more you know about what’s happening on your network, including the cloud, the more effectively you can safeguard your environment.

Cyber hygiene and up-to-date security tools are necessities for businesses of all sizes.

Get started

For more detail on actionable tips from security experts on how to recover after a data breach, watch the video, How to recover from a security breach.