Are you incident ready?
Every organization wrestles with the question - is it ready for the inevitable security breach when it occurs? Attackers are probing your network daily, large-scale incidents from Yahoo to government departments are splashed on the front pages of newspapers, and your board is breathing down your neck.
Here are some areas to consider.
Not all breaches are created equal.
For a smaller organization without proper backup and recovery procedures, a simple ransomware infection can create a mission-critical problem. Transit authorities, hospitals, even police departments have found themselves unable to operate, either because they didn’t have proper backup procedures in place or because they were unable to swiftly recover from locked systems.
On the other hand, information theft, inappropriate record access, user credential theft, credit cards on the dark web - all these represent a different sort of threat for the organizations that face them. Dealing with the news media asking difficult questions, reestablishing the trust of your users, preventing brand damage - all these require a different set of skills and preparation than a malware outbreak.
Advice: Consider the different types of likely security incidents for your environment and prepare properly for each of them.
Prepare, Prevent, Detect, Respond.
Preparation for incidents is key. Take time to understand and develop an organizational policy for responding to different types of breaches. If you don’t have a solid backup and restore policy, do you pay the ransom, and who is responsible for doing so? If you have an incident that involves loss of client data, who is the point person to deal with calls from the press or engagement with law enforcement? Developing an incident response plan, putting agreements in place with 3rd parties like IR/Forensics teams or PR agencies, and running tabletop exercises and red team/blue team exercises are all steps you can take to ensure your organization is prepared during an actual incident.
Advice: Review your incident response plan, and walk through it not just with IT but with your executive, HR, marketing/PR and other teams.
Once you’re prepared and have considered different types of breach and response, taking the necessary steps to prevent the incident from occurring in the first place will significantly reduce your costs, and there are a number of things every organization can do. Do you have the basics in place - anti-malware, a decent next-gen firewall? More importantly, have you taken the steps necessary to educate your users and help them know when not to click on a link or transfer money to a Lithuanian ‘supplier’? Do you have strong multi-factor authentication in place for remote access, decent role-based access controls around critical assets, and a system of checks and balances in place for IT administrators who go rogue?
Advice: Your users are your first and last line of defence. A good user awareness training program can cut incidents by over 80%, and you can get started with a simple SaaS solution that doesn't need to cost much. Start today.
Detection is an area where most organizations continue to struggle. Every year Verizon’s breach report continues to show that around 80% of breaches are detected by a third party, such as the credit card issuers, law enforcement or Brian Krebs, rather than by internal systems and processes. Making sure you’ve got solid logging in place and, if you can afford it, taking steps with SIEM or similar technologies to give you early indications of malice can help you reduce the costs of breaches by containing them quickly when they do occur.
Advice: Centralized logging is critical to detect and reconstruct an incident, and you can make tremendous strides with some simple analytics. But systems are complex and can be difficult to implement. Recruit some experienced talent and come prepared with a focus on business outcomes.
Response - if your house is burning down, you don’t want to be a headless chicken running around as your business collapses. Calm, cool, experienced heads make the difference between a rapid, back-to-business response and an enterprise-ending event. This is a time when a breach coach and training make all the difference.
Advice: Make sure you understand if your strategy is 'get it back up at all costs/nuke and pave' or 'take the time to understand what went wrong'. Create a buffer between your incident team and everyone else so that they have time to focus on the job at hand.
So, you’ve taken some of the steps above but want help on your journey. This is where our team of expert advisors can help you get the right plan in place - covering everything from understanding and mapping your risks and assessing your current capabilities to acting as an extension of your team during a crisis. Contact us today for more information on how we can assist, and to set up a call for a customized package to help you on your journey from scared to prepared.