Building a 'Defensible' Breach Response

Former Prosecutor Warns That Actions Will Be Scrutinized

By , October 23, 2013.
Kim Peretti
Kim Peretti

Listen Now

Read Transcript

Organizations must develop a "defensible response" to data breaches and fraud incidents because of the likelihood of a regulatory investigation or legal action, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.

"In a lot of the cyber-attacks and security incidents that we're seeing nowadays, the criminals will have left a large footprint in your environment and may have accessed sensitive data," she says. "And for any number of reasons, you can expect that there could be a regulatory inquiry; there could be a class action or any type of litigation with respect to the security incident. So the response that you take to the incident is going to be questioned; it's going to be under scrutiny. You need to have a defensible response."

In an interview with Information Security Media Group after her presentation at the 2013 Fraud Summit, Peretti, an attorney with the firm Alston & Bird, says organizations must have detailed incident response, breach response and breach notification plans that spell out all the steps to take. A breach response checklist is essential to "knowing what steps to take in the initial stages so that you can ensure the proper decisions are being made in how to approach the investigation," she says.

Three common mistakes that organizations make, Peretti says, are:

  • Hiring vendor partners that lack certain forensics skills;
  • Failing to preserve all the evidence, including communications, documents and digital evidence, such as all logs;
  • Taking too narrow an approach to the investigation. "Challenge the forensics investigators to make sure they scope it broader rather than narrower," she says. Risks to the entire enterprise need to be reviewed, she stresses.

The attorney also recommends hiring investigators that can apply big data to forensics "so a five-month investigation can turn into a five-week investigation."

Peretti is co-chair of Alston & Bird's security incident and response team. She is also a former director of Pricewaterhouse Cooper's cyberforensic service practice. Earlier, she was a senior litigator at the Department of Justice's computer crime and intellectual property section, where she led several benchmark cybercrime investigations and prosecutions, including the prosecution of Heartland Payments hacker Albert Gonzalez.

Follow Howard Anderson on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Cybersecurity - the New Agenda

The threat landscape has changed dramatically, and so must organizations' approach to...

Latest Tweets and Mentions

ARTICLE Cybersecurity - the New Agenda

The threat landscape has changed dramatically, and so must organizations' approach to...

The ISMG Network