Incident Response: Everyone Has a Plan Until They Get .....
There is no doubt that prevention is better than cure.
But if you have been exposed to any kind of injury, proper steps to manage and limit the harm the wound does to you become vital. The same is true in the cyber world, where cyber attacks are prevented to the best of a company or an individual’s ability. And in the case of an attack, they ultimately need to limit the damage done and the potential damage anticipated.
This elaborate process, in which a professional examines the attack, or “incident”, and secures as much of your data as possible while improving your recovery time, is known as incident response.
Why Should You Be Concerned?
It must be made clear here that prevention is not a cure. Many companies think that by avoiding the threat, they will remain safe, and everything seems to go according to their plan until they are under attack. This is when all hell breaks loose.
Since they had not done any planning beforehand for incident response, it is no surprise that they lose more of their valuable assets, which they could have otherwise saved by investing in a proper incident response team.
This mentality is evident from an analysis by the SANS Institute, which asked companies how much budget they allocate for incident response. The results show a lack of interest among organizations in dedicating a cyber security budget specifically to incident response; almost 40% of respondents did not know how much was allotted for incident response and 30% mentioned that no resources were allocated, as shown in the chart below.
One of the biggest mistakes that companies make in cyber security is aiming to achieve 100% security. In the cyber world, complete security is impossible, and once you have the awareness that cyber attacks are unpreventable, you will place more emphasis on the detection of the attack(s) and incident response. According to Lenny Zeltser, a New York-based security consulting leader, the major concern for most companies is that it seems improbable to them to spend time and money on planning for something that may or may not happen.
What Are The Benefits Of An Incident Response Plan?
Having a high-quality, tried and tested incident response plan that caters to the specific needs of your organization has various benefits:
A good incident response plan can save an organization up to $340,000 USD per incident. - Ponemon Institute (Cost of Data Breach 2018)
Limits financial damages
According to a 2018 study by Ponemon Institute, having an incident response plan can save an organization up to $340,000 USD per incident. Good management of the aftereffects of an incident minimizes the financial damages.
Minimizes disruption of work
If the employees at your organization are aware of security risks and incident response, and understand the importance of the incident response team, they will not panic in the case of an attack. Proper measures and fast action to contain the breach will minimize the disruption of work due to a cyber attack. Thus, your company can remain competitive even during downtime without much to worry about.
Provides qualification for good cyber insurance
Having an incident response team and allotting a budget for incident response shows that you care about the security of your company. Thus, you are able to acquire broader coverage at a reasonable premium in cyber insurance.
Avoids legal penalties
When an organization is capable of taking timely action against a cyber attack, it automatically improves its chances of meeting the appropriate legal requirements and avoids penalties in such cases. It also enables your organization to efficiently manage civil and regulatory proceedings, apart from managing a security event in a competent manner.
What Should Be Your Approach For Incident Response?
Cyber security is an attitude. If an organization depends solely on the cyber security department to contain risks, and only brings them to the table after finishing a project or in case of a threat, things are bound to get worse. Companies should take a mature approach so as to work with the incident response team efficiently and to improve the chances of the organization taking a strong stand against a cyber attack. These are some of the considerations to keep in mind:
Consider which assets are essential
It is important to have a clear idea of which assets are to be protected the most. Discuss with executive teams and business line managers, and decide on an adequate level of security measures to be taken for the security of these assets.
100% security is a pipe dream. Cyber attacks should be considered as potential risks. With this realistic mindset, better approaches and security strategies can be made to protect your assets.
Focus more on limiting damage to your most valuable assets rather than just aiming to prevent an attacker. Take a realistic approach to protect assets that need to be protected the most.
Know what tools you need
Instead of being swept along by current media reports and advertised tools, first learn exactly what your company needs. Each company is different and needs a customized approach to incident response. Thus, it is not prudent to take a one-size-fits-all approach when it comes to buying the tools necessary for your security management.
Test your Plan - Tabletop or Dry run
In the case of a security breach, panicking will only make matters worse. Conducting regular tabletop exercises or dry runs on various incident response scenarios with your employees and stakeholders is vital to the success of your incident response plan. This will ensure everyone is aware of their roles and responsibilities during an incident, and will help contain the incident faster, without havoc.
Ensure the lessons learned from these exercises are incorporated back into the plan.
Kiran Vangaveti BluSapphire.net