
When a cyber-attack hits, what separates disruption from disaster is how well an organisation can contain the damage and get back on its feet. That was the theme of a TEISS dinner at the House of Lords, hosted by BT and Illumio, where senior executives discussed how companies can recover and even improve after a breach.
Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio, explained how his company uses micro-segmentation to ensure that businesses can continue to operate, even while a cyber-attack is underway. He described his firm’s approach with a simple image: “Imagine someone breaks into your house – we keep them locked in one room.”
For Tristan Morgan, Managing Director of Cybersecurity at BT, the focus is no longer on avoiding attacks altogether. “We all know it’s not if but when,” he said. “What matters is how resilient you are and how fast you can bounce back.”
A shifting threat picture
Artificial intelligence (AI) has changed the rhythm of both cyber-defence and attack. Several guests said AI use in the business introduces new vulnerabilities. However, others said they treat it as just another technology that must be secured with the usual fundamentals, by knowing what data it touches, who can reach it and where it connects.
At the same time, AI is already part of the defensive toolkit. Some attendees talked about using it to sweep networks for weak spots or model how incidents might spread. Yet criminals are doing the same in reverse.
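The containment idea behind “keep them locked in one room” and the “model how incidents might spread” use case above can both be illustrated with a small blast-radius model. The following is an added example written for this page, not Illumio’s or BT’s code: the host inventory, segment labels and allow-list rules are constructed for the illustration, and the model assumes an attacker can pivot through any host they reach. It computes how far a compromise can spread on a flat network versus one with an explicit allow-list policy between segments.

```python
"""Blast-radius model for lateral movement, with and without micro-segmentation.

Added illustration for this article, not vendor code. The hosts, segments and
policy rules below are constructed for the example.
"""
from collections import deque

# Constructed inventory: host -> segment label.
HOSTS = {
    "laptop-01": "user",
    "laptop-02": "user",
    "web-01": "dmz",
    "app-01": "app",
    "db-01": "data",
    "plc-01": "ot",        # legacy kit that was never designed to face the network
    "backup-01": "backup",
}

# Allow-list policy: (source segment, destination segment, port).
# Any flow not listed is denied, including traffic between hosts in the
# same segment, which is what distinguishes micro-segmentation from VLANs.
SEGMENTED_POLICY = [
    ("user", "dmz", 443),      # browsers reach the web tier only
    ("dmz", "app", 8443),      # web tier calls the application tier
    ("app", "data", 5432),     # application tier talks to the database
    ("backup", "data", 5432),  # backups pull from the database, nothing reaches backup
]


def flat_policy(hosts):
    """Flat network: every segment may reach every other on any port (port None = any)."""
    segs = set(hosts.values())
    return [(s, d, None) for s in segs for d in segs]


def allowed(policy, src_seg, dst_seg):
    """True if at least one rule permits src_seg -> dst_seg on some port."""
    return any(s == src_seg and d == dst_seg for s, d, _ in policy)


def blast_radius(hosts, policy, compromised):
    """Hosts reachable by lateral movement from `compromised` under `policy`.

    Assumption (constructed for the model): once an attacker reaches a host they
    can pivot from it, so reachability is a breadth-first walk over allowed flows.
    """
    reached = {compromised}
    queue = deque([compromised])
    while queue:
        cur = queue.popleft()
        for host, seg in hosts.items():
            if host not in reached and allowed(policy, hosts[cur], seg):
                reached.add(host)
                queue.append(host)
    return reached


def worst_case(hosts, policy):
    """(host, radius) for the initial foothold that would spread the furthest."""
    radii = {h: len(blast_radius(hosts, policy, h)) for h in hosts}
    host = max(radii, key=radii.get)
    return host, radii[host]


if __name__ == "__main__":
    for name, policy in (("flat", flat_policy(HOSTS)), ("segmented", SEGMENTED_POLICY)):
        reach = blast_radius(HOSTS, policy, "laptop-01")
        print(f"{name:9s} foothold laptop-01 reaches {len(reach)}/{len(HOSTS)}: {sorted(reach)}")
        print(f"{name:9s} worst-case foothold: {worst_case(HOSTS, policy)}")
```

On the flat network a phished laptop reaches every host, including the backup server and the OT controller; under the allow-list the same foothold stops at the database tier and the backup and OT hosts stay out of reach. The `worst_case` check is the useful one in practice: it shows which foothold a policy still lets spread the furthest, which is where the next rule should be tightened.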
Fraudsters use automated tools to gather online material about executives that they can use to craft convincing phishing messages.
Morgan noted that BT has seen malicious text messages double in 18 months, evidence that automation is helping attackers dramatically increase their output. But others said the most stubborn risk remains older systems that were never designed to face the internet. Long lifecycles and bespoke software leave vital machinery exposed. “Legacy kit is still where the holes are,” one participant admitted.
Laying the groundwork
Preparation, attendees agreed, starts with deciding which services are crucial to the business. Organisations should know which services form their “minimum viable company” and have plans to restore those first. One way to identify them is to ask how the company would continue if a particular service were unavailable, which other services would fail with it, and what would have to be back online before it could be restored.
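The “minimum viable company” exercise described above is, in practice, a dependency-graph question: which services do the critical ones need, in what order must they come back, and which single service takes the most down with it. The block below is an added example for this page, not a method any participant described; the service names and dependencies are constructed, and the model assumes a service cannot run until every service it depends on is back.

```python
"""Restoration planning for a "minimum viable company".

Added illustration for this article. The services and their dependencies are
constructed for the example; the assumption is that a service cannot run until
everything it depends on is running.
"""
from graphlib import TopologicalSorter  # standard library, Python 3.9+

# Constructed: service -> the services it cannot run without.
DEPENDS_ON = {
    "customer-portal": {"identity", "orders-api", "dns"},
    "orders-api": {"orders-db", "identity", "dns"},
    "payments": {"orders-api", "hsm", "identity"},
    "identity": {"directory", "dns"},
    "orders-db": {"storage"},
    "directory": {"dns", "storage"},
    "hsm": set(),
    "storage": set(),
    "dns": set(),
    "analytics": {"orders-db", "storage"},  # useful, but not minimum viable
}

# The services the business has decided it cannot trade without.
MINIMUM_VIABLE = {"customer-portal", "payments"}


def required_for(services, deps):
    """Transitive closure: everything the given services need in order to run."""
    needed = set()
    stack = list(services)
    while stack:
        s = stack.pop()
        if s in needed:
            continue
        needed.add(s)
        stack.extend(deps.get(s, ()))
    return needed


def restoration_order(services, deps):
    """Bring-up sequence in which no service starts before its dependencies."""
    needed = required_for(services, deps)
    graph = {s: set(deps.get(s, ())) for s in needed}
    return list(TopologicalSorter(graph).static_order())


def impact_of_losing(service, deps):
    """Services that stop working if `service` is unavailable (reverse closure)."""
    affected = set()
    changed = True
    while changed:
        changed = False
        for s, ds in deps.items():
            if s != service and s not in affected and (service in ds or ds & affected):
                affected.add(s)
                changed = True
    return affected


def single_points_of_failure(deps):
    """Services ranked by how many others they take down, highest first."""
    ranked = [(s, len(impact_of_losing(s, deps))) for s in deps]
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    print("restore in this order:", restoration_order(MINIMUM_VIABLE, DEPENDS_ON))
    print("not needed for minimum viable company:",
          sorted(set(DEPENDS_ON) - required_for(MINIMUM_VIABLE, DEPENDS_ON)))
    print("single points of failure:", single_points_of_failure(DEPENDS_ON)[:3])
```

The restoration order is what a recovery playbook should be built around; the single-point-of-failure ranking is what the “how would we continue without it” question produces once the dependencies are written down rather than held in people’s heads.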
Of course, people are more important than technology. “Staff are your first line of defence,” said one delegate. Security awareness must be a year-round effort, and not just an annual tick-box exercise. Attendees recommended working with the organisation’s learning and development teams because they have expertise in teaching.
Asked whether endless reminders about inevitable breaches might make employees fatalistic, attendees suggested that nobody wants to be the person who causes real damage. That instinct depends on culture.
Supply-chain exposure came up repeatedly. Few organisations know much about their suppliers’ suppliers, and that hidden layer is often where compromises occur.
Governance was another theme. Policies and playbooks must keep pace with changing technology, and regulation, participants said, should be seen as the floor, not the ceiling. Building a co-operative relationship with regulators was described as valuable preparation.
The only way to ensure that all these measures are effective is regular testing. Table-top drills and live simulations expose gaps that paperwork misses, from communications to technical recovery. “Be honest about what you’ve really tested,” urged one attendee. Full rebuild rehearsals are costly, because they require a separate environment, but organisations that can afford them will be better prepared.
Resilience as the new normal
When an attack happens, hesitation can be disastrous. “Doing nothing is still a choice,” said one executive. Quick decisions, backed by a clear chain of command, sustain momentum.
Most agreed the real engine room of any response is one layer below the executive team: the specialists who know the systems inside out. Having an incident-response “A-team” ready to act at short notice can be valuable.
But an incident is emotionally and mentally challenging. Supporting the people who are dealing with it is vital. Some organisations appoint a chief care officer during crises to handle logistics, food, rest breaks and childcare, so responders can focus. Long incidents test morale as much as technology.
Keeping the customer viewpoint front and centre often helps steer decisions. “If you act in the customer’s interest, the right choices usually follow,” one guest observed.
As the dinner ended, Morgan reflected that the group had a very mature understanding of the challenges. “Everyone recognises that technology brings benefits as well as exposure,” he said.
Dearing agreed that the discussion marked a cultural shift. “We’ve moved from talking about cyber-security to talking about resilience,” he said. “Breaches will happen, that’s a fact. What counts is keeping the business running while you deal with them.”
To learn more, please visit: www.bt.com & www.illumio.com
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543