Are you prepared to manage a network security incident? According to some vendors and analysts, it's now a case of when, not if, your company will be breached. Adobe, Target and eBay are just a few of the plethora of organisations that recently fell victim to cyber-attacks.
The remedy in the event of a breach
Incidents are increasing in frequency and complexity, so Incident Response Plans are crucial for helping enterprises prepare for a security event. Unfortunately, many are turning a blind eye to the importance of defining and testing an incident response plan. In fact, 77% of organisations do not have a plan at all, according to a recent NTT Group report.
The solution in the event of a breach
An Incident Response Plan is a formal and essential process that classifies an incident and provides guidance on how to handle a future attack. It needs to be actively maintained and circulated to relevant personnel to limit damage and reduce recovery time and cost. Regular tests should also be performed to ensure people understand their responsibilities.
Not all incidents are equal, so every company must be able to define an incident that occurs. This can be done by establishing a thorough and real-time view of network activity, which will enable an IT department to promptly recognise that its company is under attack – and then implement a clear plan for remedial action.
The key is to build a structured plan that articulates the approach, benefits and measures for application risk reduction. With a clear understanding, an IT team can perform network- and host-based forensic investigation into incidents, provide incident management capability and deliver a summary post-incident report and recommendations.
Enterprises must also understand how compliance fits into their strategy and enforce a clear procedure to meet obligations for reporting incidents. This means knowing when and how to notify law enforcement or specific industry regulators and, for multinational companies, navigating through regional variations, complex privacy laws and notification requirements.
Making incident response cost-effective
Deploying an Incident Response Plan might seem like an expensive task, but there are ways to achieve a comprehensive outcome at a low cost. Considering that resolving an incident after the fact can take three months or more and cost over $100,000, the cost of not having an Incident Response Plan in place can be much higher. Whilst most firms already have the technology (such as data loss prevention, perimeter defences and log management), enlisting the services of a Managed Security Services (MSS) provider to help develop the processes is a great way to shortcut the development time and reduce the cost. MSS providers can also make the right people available at short notice to assist with incident response testing, implementation and management.
If a business with no in-house capability suffers a breach, a trusted provider is instrumental in putting the Incident Response Plan into action. The provider can step in and establish an incident management capability, analyse forensics and contain the incident. They can also provide incident resolution, wrap up the incident, and deliver an incident report plus a roadmap to minimise the impact and ensure business as usual is quickly restored.
If your business is faced with a security incident, having a trusted advisor by your side will leave your organisation better prepared to manage it and to take remedial action with minimal disruption.