After a Data Breach, Don’t Get Distracted by the Blame Game

Cybersecurity coverage has taken an odd turn. In the not-so-distant past, when a data breach occurred, journalists would zero in on the kinds and amounts of data that were stolen, and the amount of reputation and bottom-line damage the breach would likely result in. Lately, though, focus has shifted to who perpetrated the breach rather than how it happened.

When it comes to network breaches and data theft, there are more pressing issues than trying to ascribe blame. When your system is hacked, there are five questions that are more important to ask than who was responsible:

“How did the attackers get in?”It’s critical to have network visibility. If security managers have a real-time view of every connected device, every authorized user and how secure each device is, they have a better chance of pinpointing where the weakest links are in their armor.
“What was stolen?”The timeline for determining the scope of a data loss can be excruciating. This is especially damaging when a data breach affects consumers. Quantifying the breach with speed and confidence causes an affected company less harm in the long run.
“How can we mitigate this?”Fixing the damage is more important than placing blame, and speedy remediation is dependent on good visibility. The faster you can see and determine the size of the rip in your safety net, the faster it can be repaired. Companies have a clear fiscal incentive to minimize downtime, so this element is critical to running a business seamlessly.
“What can we learn from this?”In the vein of “Fool me once, shame on you; fool me twice, shame on me,” cybersecurity defenses must evolve intelligently, automatically and rapidly to prevent the same tactic from working twice. Pragmatic, real-world defense depends not on making a network impenetrable but on making it so challenging to crack that most attackers will eventually move on to easier targets.
"Is the threat actually eliminated?” Once a breach has been detected, tremendous energy is put into stopping and assessing the extent of the impact. However, without proper visibility, most companies are left wondering if they are still being breached – that is, whether the attackers left undiscovered backdoors that will allow them back into the company’s systems later, when the incident response goes down.

Though trying to hunt down the culprits may seem more exciting, asking these five questions – which is more complex and time-consuming – zeroes in on the key information needed to mitigate and prevent cyberattacks.

There’s something very satisfying about solving the riddle, finding the perpetrator and bringing him or her to justice. But these efforts are largely wasted in the world of cybercrime. It’s far more productive to channel your energy toward looking into the network for a fuller understanding of how the attack occurred, what was taken and how the damage can be fixed as quickly as possible. Next, make sure that the criminals can’t get back in and set up such impenetrable defenses that they don’t want to try to get back in. Don’t be distracted by the relative glamour of finding the attackers; answering the five questions above is the ticket to stronger network defense.

Pedro Abreu has served as senior vice president and chief strategy officer of ForeScout since March 2015, where he is focused on advancing corporate strategy that bridges product development, sales and marketing. Prior to joining ForeScout, Abreu held several senior-level strategy and operations roles with Intel Security, EMC and McKinsey. He earned an MBA from Haas School of Business at U.C. Berkeley, and a CS in Computer Sciences from Instituto Superior Técnico in Portugal.