Are you prepared to manage a security incident? According to some vendors and analysts, it's now a case of when, not if, your company will be hit. Adobe, Target and eBay are just a few organizations that fell victim to cyber-attacks and 2014 has already seen the Heartbleed bug impact the majority of organizations around the world.
Incidents are increasing in frequency and complexity; so incident response plans are crucial for helping enterprises prepare for a security event. The problem is that many are turning a blind eye to the importance of defining and testing an incidence response plan. In fact, 77% of organizations do not have a plan at all, according to a recent NTT Group report.
The solution in the event of a breach
An incident response plan is a formal, yet essential, process that classifies an incident and provides guidance on how to handle a future attack. It needs to be kept up-to-date and circulated to relevant personnel in order to limit damage and reduce recovery time and cost. Regular tests should also be performed to ensure people understand their responsibilities.
Not all incidents are equal, so every company must be able to define an incident that occurs. This can be done by establishing a thorough and real-time view of network activity, which will enable an IT department to promptly recognize that its company is under attack – and then subsequently implement a clear plan for remedial action.
The key is to build a structured plan that articulates the approach, benefits and measures for application risk reduction. With a clear understanding, an IT team can perform network and host based forensic investigation into incidents, provide incident management capability and deliver summary post incident report and recommendations.
Enterprises must also understand how compliance fits into their strategy and enforce a clear procedure to meet obligations for reporting incidents. This means knowing when and how to notify law enforcement or specific industry regulators and, for multinational companies, navigating through regional variations, complex privacy laws and notification requirements.
Making incident response cost-effective
Deploying an incident response plan might seem like an expensive task, but it needn't be. In fact one company took over three months to resolve an incident costing them over $100,000. Whilst most firms already have in place the technology – such as data loss prevention, perimeter defences and log management – by enlisting the services of an MSS (Managed Security Services) provider or a trusted third party is all that is needed to develop the processes and people to effectively respond to an incident saving time and money.
If a business with no in-house capability suffers an incident, a trusted provider is instrumental in developing an incident response plan. It should establish an incident management capability, analyze forensics and contain the incident. They should also provide incident resolution, wrap up the incident, and deliver an incident report plus roadmap to minimize the impact and ensure business as usual is quickly restored.
So if your business is faced with a security incident, your organization will be better prepared to manage it and be able to take remedial action with minimum disruption.
- Garry Sidaway is Global Director of Security Strategy at NTT Com Security.