Tips for cyber incident response

by Mark Rowe

Will the next cyber threat catch your organisation by surprise? asks Patrick Wragg, Cyber Incident Response Manager at the IT security services firm Integrity360. It only takes one security breach to cause catastrophic financial and reputational damage and leave you open to legal liabilities, he writes.

We all know that implementing a proactive incident response process is essential. Without a clear route forward, managers and staff alike can struggle to know the most intelligent and effective ways to respond to security breaches and threats. We live in a world of ‘when’ a cyber attack or data breach will occur and not ‘if’. Everyone can be at risk and it pays to be prepared.

You might argue that it’s hard to know how effective a process is until it’s tested in the field, and perhaps found wanting. Fortunately, a best-practice approach is straightforward to achieve: it boils down to five evergreen steps that put any organisation in the best position to detect and remediate security incidents quickly.

These steps reduce the potential damage even from a ‘successful’ cyber attack, and they will remain relevant even as criminals develop ever more sophisticated online and offline tactics that threaten applications, networks and the bottom line.

First up, remember that failing to plan is typically planning to fail. Watertight incident response begins with developing a plan that suits your organisational requirements and concerns and is ready to be swung into action when a crisis happens.

We recommend working with the SysAdmin, Audit, Network, Security (SANS) Institute framework outlined in this whitepaper. A comprehensive cyber incident response procedure based on this framework will include preparation, identification, containment, elimination, recovery, and post-incident review phases.

Devise a clear plan and process – then communicate it

The next step is to make sure the plan you’ve developed is clear. All phases must be easy to understand and follow. If your incident response process is too complex or opaque, employees and managers alike can easily miss a step or simply struggle to carry it out during a live attack. Effective communication with all staff and stakeholders is therefore crucial, which means developing a communications strategy, including scheduled education sessions, that improves both event resolution and accountability.

Your employees will often be your first line of defence against cyber attack; every communications plan should aim to standardise the process for staff reporting of incidents, including suspicious behaviour, and work to coordinate remedial activity as well. Document exactly who to contact in the event of a breach as well as the responsibilities of every member of the team.

Additionally, regulators may need to be notified about any security breach. For instance, if you collect personal data, your communications plan should include a procedure for contacting the UK’s Information Commissioner’s Office (ICO) within 72 hours, to mitigate the potential for penalties related to the EU General Data Protection Regulation (GDPR).

The fourth stage is to develop pathways for handling specific types of cyber threat. Threat-specific incident response playbooks can help staff and stakeholders stay updated on different threat scenarios. Playbooks updated and distributed regularly to everyone by email can outline how to protect key systems, as well as give an overview of specific cyber threats – from ransomware to phishing attempts and other malware, or Distributed Denial of Service (DDoS) attacks.

Taking these few basic steps can completely uprate your ability to respond to cyber threat, including the major breach likely to target many companies over the next 12 months.

Finally, to ensure best-practice security, why not work with an experienced partner – especially if your organisation represents the one in five that have limited resources to dedicate to incident response? A managed incident response service provider can ensure you resolve incidents faster, offering cost-effective support that guarantees peace of mind even if the worst happens.

The right service provider gives you on-demand access to highly skilled cybersecurity experts who can offer emergency support for any cyber threat, as well as proactive guidance on incident response planning.

With IBM estimating that a single data breach can cost an average $3.86 million, the stakes couldn’t be higher.
