Rushed data breach notification can aid the attackers

Eric M. Friedman of Stroz Friedberg argues that rushing data breach notification may aid the criminals and cause greater harm to the very consumers we are trying to protect by notification.

He writes, in part:

One of the most important and time consuming tasks is scanning the massive corporate network for evidence of intrusion. These scans run across thousands of workstations and servers. When new signs of compromise are found, new scans must be run, searching for the new identifiers. During a breach response, an entire network may be searched a dozen times. Investigations are further complicated when hackers erase and encrypt their digital footprints and lay false paths for investigators. Initial investigative theories are often contradicted by new evidence. As a result, the questions that authorities and the public commonly ask about the provenance and scope of the breach often cannot be answered within a few weeks.

Then, consider what happens if intruders are still in the network when notification is made. They’ve just been alerted to step up their game, steal more consumer data, install back doors, and delete evidence. The plan to force them out could end before it begins if the network is not sufficiently remediated before notification.

Read more on Stroz Friedberg.



About the author: Dissent

Comments are closed.