Share and prepare
We frequently help customers deal with data-breaches and compromise, both organization-wide and incidents limited to a handful of devices. When the breach has been contained and the organization recovered, we always ask our customers to help us give back to the community by sharing their story. Not only is this a great learning process for all parties involved within the compromised organization, but it also has great value for other organizations and their security teams or IT operations. When an organization tells the world how it got breached and what specific actions would have effectively prevented it, they also help us strengthen the infosec community.
In some situations, public disclosure, detailed nor otherwise, is not advised or even feasible. At the very least, we highly recommend involving law enforcement. Sometimes we also explore, together with the customer, ways to safely enlighten other organizations in the same line of business.
In the modern-day Internet, it is not a matter of IF, but WHEN you get hacked. Many organizations have already adopted this mindset and there are plenty of examples which show that breaches are inevitable. Unfortunately, the world wide web has turned into the wild wild west where shots are constantly being fired in all directions. Taking proactive measures to not get hit is important, now more than ever.
There are several ways to make sure that the next data-breach does not feature your company on frontpages of newspapers. Many of the compromises that cross our path are achieved by targeting low-hanging fruit. These successful attacks could often have been thwarted with minimal efforts, costing next to nothing. Remember, you do not lose the moment you are hacked, you lose if the hackers are allowed sufficient time to secure their objectives. Objectives which almost always revolve around data theft and monetization of your IT infrastructure and people.
If you want peace, prepare for war!