Preparing for the Worst: Lessons in Data Incidents Response

18.02.2022 Preparing for the Worst: Lessons in Data Incidents Response

Global trends demonstrate that the cybersecurity threat landscape is constantly expanding, and cybercriminals are increasingly motivated by monetisation of their activities. That is the reason why TGS Baltic together with PR and IT specialists have invited clients and contacts to the webinar “Preparing for the Worst: Data Incidents Response”.

Data breaches is the new normal

“What we face today is not only common data breaches, but also more sophisticated attacks like malware, ransomware, supply chain threats, cryptojacking, and many other cyber threats. That is why we as legal advisers invite clients to be prepared for the worst,” says Mari-Liis Orav, Head of Data Protection Practice Group at TGS Baltic, Estonia.

As more data breaches occur, cyber incident response is becoming more multi-disciplinary than ever. Aleksei Gornõi, a cyber operations expert, notes that more and more stakeholders are involved, and it is no more a surprise to coordinate IT actions with data protection officers, insurers, external lawyers, heads of security, PR consultants, and even local law enforcement representatives. “Containment of a data breach is always the most stressful, as it usually happens on Friday afternoon or just before everyone leaves to celebrate some national holiday,” remembers Aleksei. “You are aware of a breach happening, you know that you have to act right now, yet the incident team is offline, responsible officers are unavailable.”

Improvisation within legal framework

As Arina Stivriņa, Co-Head of Data Protection Practice Group at TGS Baltic, Latvia, overviewed during the webinar: “Since 2018, the GDPR requires us to detect and contain data breaches, then immediately perform an initial assessment of all the facts and circumstances related to the breach upon receipt of the information and then notify data protection authorities or data subjects when necessary.”

According to A. Stivriņa, the most common mistakes in this area are twofold: firstly, to make a distinction between a data breach and a security incident and to determine whether the data breach is notifiable, secondly, to report the data breach within the timeframe of the GDPR. “Each case should be evaluated individually, yet the common rule is to be very proactive within the first 72 hours. The data protection authority might forgive your errors in an initial data breach notification, yet it might not let it slip if you ignore the notification requirements altogether or are late with the report.”

Mistakes that could easily be avoided

“Not thinking about impacted stakeholders, the roots of the incidents, the time-scale of the events are also often overlooked,” stated Mindaugas Civilka, Head of Technology Industry Group at TGS Baltic, Lithuania. M. Civilka reminded to the participants of the webinar that the first line of defence is always people; therefore, businesses must educate, train them, and be prepared for irrational human behaviours. “Good policies and procedures help overcome human errors; of course, the policies need to be adapted, learnt, and tested in practice.”

“You do not want to waste time in agreeing on definitions or roles when crisis occurs,” added A. Gornõi. “Preparation is essential, and technology can help.” According to the cyber operations expert, manual response to data crisis is likely to be too slow and too costly. Automation driven security technology is capable of containing incidents faster, although businesses still overlook such opportunities and are not fast in investing them.

“A dead body in Armani is still a dead body”

Arijus Katauskas, Managing Partner at communication agency Nova Media, finalised the webinar with recommendations how to act publicly when data incident occurs. “One has to admit that you are in a losing game and that your response publicly will never be fast enough,” comments the PR expert.

Isolation of a data incident can help maintain your business, and business continuity must remain one’s ultimate goal. According to A. Katauskas, to fight in a media war, you will need resources, and resources will soon become limited if you only direct your energy to maintain a positive public image instead of trying to keep your business going. A dead body in Armani is still a dead body. Therefore, accepting that you will not have the most positive public image is the key to ensuring your business continuity.

The recommendation to avoid crisis accelerators was shared with the webinar participants. “Lies trying to blame someone and keep up with social media commentators are the main accelerators of such a crisis. Preparation in advance and coordination of actions with PR, legal, and IT experts is your key in managing data breaches in the least painful way,” summarised A. Katauskas.

You are invited to review the webinar recording here - webinar | Preparing for the Worst: Data Incidents Response or here: