If Benjamin Franklin were alive today, his famous quote would be “…nothing can be said to be certain, except death and taxes and a cybersecurity incident.”
While the timing of a cyber incident is unpredictable, its likelihood is not. Is your company prepared to respond to a cyberattack? Have you considered your exposure to every possible attack and how to counter it?
A cyberattack can halt your company’s operations, with severe consequences for your finances as well as your reputation. And, if the incident involves a permanent loss of data or exposing information about employees or customers, you could also face regulatory fines and legal fees.
Given what’s on the line, a strong incident response plan must be in place. An effective response to a cyberattack will mitigate its potential damage and prevent it from spreading.
Where’s the risk?
Cybercriminals know that employees are the Achille’s heel of a company’s cybersecurity efforts. As such, most cyberattacks depend on some form of human error and/or trust to be carried out successfully. In contrast, deliberate attacks conducted from the inside arise from human’s baser instincts like revenge or greed.
For example, ransomware and other malware commonly arrive via legitimate-looking emails, so employees believe them to be safe. Likewise, login credentials can be highjacked through social engineering methods, which could be through email, but might involve impersonating executives or help desk staff, or even by way of open-source reconnaissance.
Additional network vulnerabilities include, among other things, security misconfigurations and failure to patch known software flaws. Network vulnerability is amplified further when you introduce remote management interfaces, the Internet of Things (IoT), and bring your own device (BYOD).
Metrics for Measuring Incident Response Quality
“What gets measured, gets managed” is just as true today as it was when Peter Drucker wrote it in 1954. For incident response, your focus should be improvement in metrics such as:
• Detected versus undetected incidents
• Incidents resulting in a breach
• Incidents requiring response
• Repeat incidents
• Response time to an incident
Of these, the defining metric of an effective incident response plan is the mean time to respond. Reducing the average amount of time needed to identify, investigate, mitigate, and repair a breach is essential to a strong cyber defense.
Factors that Improve Incident Response
While it’s common to panic and make bad decisions when faced with a crisis like a cyberattack, the key to remaining calm and reducing response time is having a clear and comprehensive incident response plan on hand for cyber security personnel to follow. This plan should address all possible attack scenarios, while identifying the protected assets that are most likely to be a target.
Your cyber defense team should be well-trained in their individual responsibilities for each scenario. Regular tabletop exercises and consistent hands-on skills training for your cyber defense team also helps to decrease response time by increasing the team’s confidence in their ability to combine efforts in a way that streamlines the process.
Why Strong Incident Response Is So Important
Much of cybersecurity involves responding to constant and ongoing attempts—both weak and sophisticated—to access protected areas of your network.
How and when this response happens can make a huge difference in whether the attack is successful or not, how much data is accessed, and whether subsequent attempts can make use of the prior breach. Failure to respond quickly may allow a hacker time to gain access to multiple parts of your network, and potentially third-party networks. If this happens, the investigation and repair process become exponentially more complicated.
When incident response is thorough and swift, the infiltration can be closed off quickly, eliminating further access and protecting the rest of the system from harm.
Contact a Cyber Security Firm for Effective Incident Response
As a cyber security firm, we can help you with incident response in several capacities:
• As an outsourced service
• As a consultant who reviews and assesses your current practices
• As a consultant who develops a customized incident response plan for you
• As a consultant who trains your cyber response team
And, you will benefit from our team’s extensive experience in intelligence, military, and the private sector.
6950 Columbia Gateway Dr., Suite 450A • Columbia, MD 21046 • phone: 443-832-4133 • fax: 410-290-0234