Are you prepared to manage a security incident?
It’s the year of the breach. Adobe, Target and eBay experienced cyber-attacks, and Heartbleed made a global impact. Attacks are more advanced. Hackers are smarter. All businesses are targets; according to some technology vendors, it’s no longer ‘if’, but ‘when’ your company will be hit.
Although such a plan is critical, 77% of organisations do not have an incident response plan in place, according to a recent NTT Group report. That gap cost one company over $100K: even though it was notified within hours of the breach, it was unable to deal with it effectively for over 3 months.
A change of plan
There is a growing number of threats to defend against, remediate and resolve, so resources are kept busy just trying to maintain business as usual. The problem is that businesses are ignoring the importance of defining and testing an appropriate incident response plan.
Information security breaches must be accommodated in business continuity planning so organisations can be better prepared to handle incidents effectively and consistently. The constant refinement of an incident response plan will also reduce the risk of future incidents and their financial and reputational impact on the business.
What is an incident response plan?
It is a formal process that defines what an “incident” is and provides a detailed plan for dealing with one. To limit damage and reduce recovery time and cost, the plan needs to be current, supported by stakeholders and tested regularly to ensure people understand their roles and responsibilities.
Good incident response starts with good risk insight and understanding of information assets. Businesses must classify an incident as it occurs through a real-time view of network activity. This will enable an IT team to quickly recognise the attack and implement a clear plan for appropriate remedial action.
Incident response must be designed around an organisation’s goals, priorities and compliance requirements. The right intelligence will drive appropriate response priorities and focus resources on minimising damage and disruption.
Better preparation relies on a structured plan that clearly articulates risk reduction approaches, benefits and measures. With an understanding of the business and technology infrastructure, IT can perform network and host based forensics, provide incident management capability and deliver summary reporting and recommendations.
The role of compliance
It is vital to understand where compliance fits into a company’s incident response process and put in place a clear procedure to meet the specific obligations for reporting incidents. This means knowing when and how to notify law enforcement or specific industry regulators and, where necessary, navigating through the regional variations, complex privacy laws and notification requirements.
Establishing policies to share with other parts of the business affected by a breach is crucial. Although it is not always essential to share information about a breach with a company’s customers and partners, it will be necessary to define and communicate a policy internally. It all depends on the nature of the incident and how early the IT team can understand and communicate what it is and what remedial action is being taken.
Security breaches can result in finger pointing. So, it is advisable to take advantage of collaborative opportunities to nurture the incident response process. Organisations will see a heightened sense of joint responsibility for effective resolution by implementing high visibility exercises such as rapid response communication drills and tabletop exercises. These involve simulating potential incidents to improve awareness and define roles and responsibilities beyond the information security teams, thereby sharing overall responsibility.
Don’t do it alone
Rather than spend more on technology, consider investing in a relationship with a trusted provider to help implement an incident response plan.
Benefits of outsourcing include the augmentation of the organisation’s in-house skills and team, enabling it to focus on its business, while the outsourcer provides the information required to understand, prioritise, manage and mitigate risks.
The provider might:
• Establish incident management capability
• Analyse forensics and contain the incident
• Provide incident resolution
• Wrap up the incident
• Deliver reporting and recommendations
Moving from reactive to proactive
By putting a dedicated response team in place, and maximising the value of existing technology investments, every business can plan and execute a mature and responsive incident response strategy that ensures the fastest and most efficient return to business as usual.