Breach Notification , Incident & Breach Response , Security Operations

Steps to Take Before Reporting Breaches to Authorities

Ankur Kushalka of Atos on the Need for Clearly Defined Investigation Process
Ankur Kushalka, general manager, InfoSec Practice Head, Atos

Organizations need to have a clearly defined process in place to investigate security incidents before they report them to law enforcement authorities, says Ankur Kushalka of Atos, a European IT firm.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

"Before engaging with law enforcement agencies, it is important for firms to device an [investigation] process. Once you are attacked, there are ways in which the security team [can] analyze the nature of the attacks - were you targeted or were you just impacted?" Kushalka says.

"There are instances where CISOs want to report to LEAs, but organizations are reluctant for various reasons," he says. Therefore, before reporting breaches to the authorities, "CISOs have to get a buy-in from the management, all stakeholders and engage with the internal legal team," he says. "Once the process is in place, it easier to report incidents to police."

In this video interview at Information Security Media Group's the recent Fraud and Breach Prevention Summit in Mumbai, Kushalka discusses:

  • Why having an internal investigation team is important;
  • Why protecting only the crown jewels doesn't help;
  • Why checks need to be put in place for end users.

Kushalka has about 20 years of experience in IT and information security. He is the general manager and practice head for information security practice at Atos Global IT Solutions and Services. Kushalka has global exposure in diversified IT and security domains that include IT infrastructure management; IT security and compliance; IT project and program management; business continuity and enterprise risk management; transition, transformation and service delivery management; center of excellence for security practice; and competency management.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.