What is the state of your IT security team?
When it comes to incident response, “always be prepared” is a key mantra. Berkeley often presents to security professionals, and one of our favourite questions to ask is, “How many hours per day do you spend at work?”. The usual answer is eight or nine, and even those who spend more are still well behind the people they are battling. Hackers will routinely spend 12, 16 and even 18 hours a day trying to breach someones network. They live, breath, eat and sleep hacking.
If we fail to prepare for an incident or deal with a threat, then we will lose the cyber security battle. Our enemies dream in code, whilst we are required to focus on a plethora of tasks outside of defeating their attacks. Ensuring the security team, general IT and all business groups work together is also of paramount importance. Many hacking groups use teamwork to their advantage. Anonymous is an excellent example; a loose collective of attackers who come together for a common purpose. They don’t even know each other’s real identities and may be of different nationalities or backgrounds. Despite these differences, they come together in common cause to carry out their attacks.
How do we combat this organised and capable enemy? Quite simply we work hard to "always be prepared”. The more organisations prepare themselves, and run practice incident responses, the better they can anticipate and react to attacks. The more organisations focus on security programs and assist with building them up, the better they can plan and help to avoid exploits.
Five Tips to Prepare for a Security IncidentHere are five tips on how organisations can better prepare for a security incident:
- Invest in your security program.
If you want security, you must invest in security – both in the technology and the people. Encourage your IT security staff to work closely with general IT and business groups. Provide them with adequate training and proper equipment.
- Shorten the incident response timeline.
While your security investment may be hefty, you will likely see the investment repaid by avoiding or at least mitigating a security breach. Security will never be a money maker, but it can offset the risk of substantial losses. The sooner you can detect and respond to an incident, the less impact that incident will have. Shortening the incident response timeline reduces the overall cost of security incidents. Advertising your investment in security may also be attractive to existing and future customers.
- Get help.
If you need help (and most organisations do), get it. Engage with a reputable, third-party security company. Managed Security Services (MSS) providers are worth their weight in gold in a time of need, and can be a great asset to your internal security team.
- Encourage cooperation.
Encourage inter-departmental collaboration in your IT department. Don’t allow a lack of collaboration between teams weaken your cyber security program. Visit your security staff, ask what they need and then be willing to follow up on their requests
- Plan for security incidents.
Ask your security team to build an Incident Response Plan, based on risk, for securing your environment. The worst possible time to wonder whether or not you’re secure is during or after a breach. Build and test your Incident Response Plan. Make sure the plan stays current.
Without preparation, you leave yourself liable and open to a breach. We are always surprised when we hear about breaches because companies are failing to adequately prepare for an incident. Take the steps outlined above and start preparing your business for the inevitable event. After all, we should always be prepared!