Cyber Secure by Design

In 2019, victims lost $2.7 billion to cybercrime, according to the Federal Bureau of Investigation.

When it comes to ransomware attacks and data breaches, most cybersecurity experts agree that it’s not a matter of if, but when your business or organization will become a target or a victim of cybercrime. In CyberEdge Group’s 2019 Cyberthreat Defense Report, an astounding 78% of surveyed organizations admitted being victims of cyber attacks. That’s why it’s important to have the right incident response tools and plans in place.

Cybersecurity must become a priority and a core business objective for organizations of all sizes and technology orientation. In order to conduct business and navigate today’s increasingly complex technology threat environment, it is critical for businesses and organizations to devote their time, talent and treasure to securing and building resiliency in cyber technology equipment, systems and protocols.

Cyber security incident plan

Organizations need a written incident response plan that spells out the steps needed to address a cybersecurity incident, covers vulnerability assessments, and details who is notified and who is responsible for implementing the plan after a data breach.

An incident response plan is a documented, written plan with 6 distinct phases that helps cyber professionals and IT staff recognize and deal with a cyber security incident such as a data breach or ransomware attack. The plan should address a suspected data breach in a series of phases, and within each phase there are specific areas of need to consider. The incident response phases are:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned

Cybersecurity needs to become core to an organization’s overall business strategy. Organizations and boards need to take effective steps to become “secure by design”. They need to ensure security procedures, controls and policies are integral at all levels of the organization and in all technology solutions and business processes from the outset.

Cyber security solutions need to provide the latest cyber threat protection required for an organization’s operations. Whether a business’s digital transformation involves migrating to the cloud, developing applications, leveraging the power of the IoT or integrating IT and operational networks, taking a “secure by design” approach is crucial for business continuity: it means identifying, responding to, and protecting against known and unknown threats and minimizing the potential effects on core assets.

Shortage of cyber security and IT staff

In most organizations, there exists a critical shortage of cyber security staff. As a result, it has become nearly impossible for organizations to review the plethora of cyber alerts, not to mention investigate and respond to all security incidents. Statistics show that the average time to identify and remediate a cyber security breach is over 100 days. Additionally, the Mandiant Security Effectiveness Report 2020 found that 53% of successful cyber attacks infiltrate organizations without being detected, and 91% of all incidents didn’t generate an alert.

To help address this shortage, the security industry is developing tools to perform automated incident response. An automated tool can detect a cyber security condition, and automatically execute an incident response playbook that can contain and mitigate the incident. For example, upon detecting traffic from the network to an unknown external IP, an incident playbook runs, adding a security rule to the firewall and blocking the traffic until further investigation.
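The playbook described above, sketched as an added example that is not taken from any vendor's product: it reads flow records, ignores internal and already-known destinations, and returns one pending-investigation block rule per unknown external IP. The address ranges, the record format and the rule fields are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress

# Assumptions for this example: the internal address space and the external
# networks the organization already knows and trusts.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_EXTERNAL = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed flow records: "<time> <src> <dst> <dst_port>"
SAMPLE_FLOWS = """\
2020-10-01T09:00:01Z 10.1.2.3 198.51.100.10 443
2020-10-01T09:00:02Z 10.1.2.3 203.0.113.7 8443
2020-10-01T09:00:03Z 10.1.2.9 203.0.113.7 8443
2020-10-01T09:00:04Z 10.1.2.9 10.4.4.4 445
2020-10-01T09:00:05Z 10.1.2.3 not-an-ip 80
2020-10-01T09:00:06Z 10.1.5.5 192.0.2.99 53
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def run_playbook(flow_text):
    """Return one pending-review block rule per unknown external destination."""
    rules = {}
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed record: never act on it
        when, src_s, dst_s, _port = fields
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        except ValueError:
            continue  # unparseable address: never act on it
        if not _in_any(src, INTERNAL):
            continue  # only traffic leaving the network is in scope
        if _in_any(dst, INTERNAL) or _in_any(dst, KNOWN_EXTERNAL):
            continue  # internal or already-known destination: no rule
        rule = rules.setdefault(str(dst), {
            "action": "block", "dst": str(dst), "first_seen": when,
            "status": "pending-investigation", "sources": [],
        })
        if str(src) not in rule["sources"]:
            rule["sources"].append(str(src))  # hosts an analyst should review
    return list(rules.values())

if __name__ == "__main__":
    for r in run_playbook(SAMPLE_FLOWS):
        print(r)
```

Each returned rule would be handed to the firewall's own management interface and kept until an analyst closes the investigation; the `sources` list tells the analyst which internal hosts to examine.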

By supplementing manual incident response with automated playbooks, organizations can reduce the burden on security teams, and respond to many more security incidents, faster and more effectively.

Weakest link

Cyber-resiliency also involves recognizing that security is no longer solely a technology or governance, risk and compliance issue. Instead, the whole workforce, including both technical and non-technical employees, should be students of cybersecurity, since cyber security is as strong as the organization’s weakest link.

Research participants felt that their respective organizations had invested adequately in cyberthreat solutions. Although four in five respondents (81.7%) felt their employers had invested adequately, that means one in five (18.3%) was not confident in this regard. Given the sophistication and magnitude of today’s cyber threats and the advancements in modern cyber threat hunting technology, the survey results are discouraging.

To implement truly robust and effective measures, businesses and organizations must employ multi-faceted risk mitigation solutions such as:

  1. Centrally manage and promulgate robust teleworking solutions to empower and enable employees, customers, and third parties.
  2. Leverage role-based rather than location-based identity and access management solutions, analytics, and controls.
  3. Establish two-factor authentication, such as manual phone calls, a system of shared secrets, or other authentication controls.

Technology:

  1. https://www.itproportal.com/features/cyber-security-awareness-month-2020-six-experts-share-their-thoughts-on-staying-safe-online/
  2. https://cyber-edge.com/wp-content/uploads/2019/03/CyberEdge-2019-CDR-Report.pdf
  3. https://www.itgovernanceusa.com/blog/how-long-does-it-take-to-detect-a-cyber-attack
  4. https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html
  5. https://www.securitymetrics.com/blog/6-phases-incident-response-plan#:~:text=An%20incident%20response%20plan%20is%20a%20documented%2C%20written,incident%20like%20a%20data%20breach%20or%20cyber%20attack.
  6. https://www.ey.com/en_us/consulting/covid-19-steps-to-defend-against-opportunistic-cyber-attackers?WT.mc_id=10642922&AA.tsrc=paidsearch
  7. https://www.cynet.com/incident-response/incident-response-plan-template/