If your organisation has an Internet connection, the odds are not in your favour. In this day and age, it is no longer a matter of if you are attacked, but when. Cyber attacks have become so common that more than half of businesses expect to be hacked at least once in the next 12 months.
Not only is the incidence rate high and set to increase, the price of such attacks is hefty as well. Each piece of personal data lost or stolen costs the organisation US$154 on average.
However, a hack need not necessarily result in a breach. If security incidents are detected quickly and mitigated effectively, the attack can be stopped. But you need to avoid these six critical mistakes during a security incident.
The adage of 'failing to plan is planning to fail' cannot be overemphasised in cyber security. Not having a plan is fatal. It causes unnecessary panic and chaos that do not lend themselves to the speed and precision needed to identify, contain and remediate the incident.
If you do not have an Incident Response Plan (IRP), this is your utmost priority. There are a few key processes in the IRP. You will need to:
• Have clear processes to analyse and identify if the flagged security incident is a threat
• Isolate the systems and contain the breach
• Activate the multi-functional incident response team to provide support such as handling stakeholder communications, filing a police report and implementing a physical lockdown if required
• Apply digital forensic imaging and malware reverse engineering to trace and eliminate the root cause of the security breach
And if you do have an IRP, stress test it relentlessly. Conduct tabletop exercises and blue team-red team exercises to identify gaps in your plan, systems and staff. Implement learning points into your IRP. Rinse and repeat.
Plugging the gaps in your defence is just one half of successful cyber security. The other half is knowing what will attack you, and how.
First, you need to understand the threat landscape. What types of actors are most likely to target you, what assets are they likely to go after, and how would they do that?
Next, you need to be able to 'see' the threats. Having certified security analysts working on advanced detection technology will give you visibility on the cyber activities on your networks. It is vital to monitor, compile and sift through your network data, eliminate false positives, and flag up potentially disruptive threats.
Security analysts differentiate between false positives and real threats based on threat intelligence.
Engaging an established managed security services provider (MSSP) can provide such threat intelligence. MSSPs correlate cyber activities across their clients' networks as well as industry partnerships to spot and identify threats effectively.
Threat intelligence can make the difference between being blinded to attacks and identifying malicious activities in time.
In the heat of containing and remediating a security breach,
Documenting what happened and what incident responders did, covering the basic questions of who, what, where, when, why and how, including a detailed incident timeline, is vital. It will help you to review the Incident Response Plan to ensure that a similar breach does not happen again.
prove to be the
Do not, under any circumstances, stop at the containment and remediation of the breach.
The incident response team has to re-examine significant events, capture lessons learnt, and most importantly, refine the incident response plan. Take the opportunity to upgrade your security applications, streamline the processes and upskill your security staff, where need be. This can only help you to respond more effectively in the future.
If you are breached the second time by the same attack, it is on you.
Cyber security is not just a technical problem for the
A cyber incident may result in a breach if you do not have a plan to respond to and manage the incident. As a result, your business can suffer severe repercussions including market loss, brand dilution and loss of major clients.
When the business is at stake, it is all hands on deck.
Quann's cyber security consultants can help you set up or review your Incident Response Plan.