Bzzz. Bzzz. Bzzz. Bzzz.
I glance at the clock as my BlackBerry dances across my nightstand. It's 3:16 a.m.
"Who could be calling me at this unsightly hour?" I mumble.
I pick up the BlackBerry.
"Hello?" I ask in a groggy voice.
"Sir, I'm sorry to wake you, but we've been hacked, all our customer records have been stolen and posted online...I mean all of them. And the database is empty, we lost everything"
"This guy could be an auctioneer at a livestock auction," I say to myself, still trying to wake up.
"We've been hacked!" John screams in the phone.
"Slow down, that part I understand."
John proceeds to provide the detail once again at a more comprehensible speed.
"John, have you initiated the computer incident response plan?" I ask.
"Yes, you are my second call." John explains. "The technical computer security incident response team members are on their way in to the datacenter now."
"Great! I should be in there in less than an hour."
As I finish getting dressed, I grab my copy of the incident response plan from my closet safe and began calling the assigned points of contact. I brief representatives from legal, public relations, IT operations, physical security, and information security operations.
The adrenaline is kicking in now. "I guess I'll skip my first cup of coffee," I think as I walk past the kitchen and head out the door. "Time to work on staying off the cover of the Wall Street Journal."
How will you react if you receive a similar call? Are you prepared to appropriately respond to a breach or compromise of organizational or client information?
While the incident above is a work of fiction, data breaches of client information are all-too-frequent events. According to the 2009 Data Breach Investigations Report from Verizon Business, 285 million records were compromised in 2008. And incidents such as the one described above do occur, such as the recent Virginia Prescription Monitoring Program compromise. If you need help comprehending what 285 million records really means, consider that the size of the US population is roughly 306 million.
If your organization has yet to develop an incident response plan or a computer incident response team, take a look at the resources provided by the Carnegie Mellon CERT. And don't forget to simulate your plan to ensure that it meets the operational realities of your organization.
Ben Halpert, CISSP, is an information security researcher and practitioner and writes monthly about security. Comments, questions and requests can be sent to him at firstname.lastname@example.org; please include SECURITY in the subject line.