Incident Response


The old saying goes, “Life happens.” Whether the event is a physical disaster or a cyber attack, incident response is vital. In Florida, hurricane season comes every year, and a major storm can shut down a facility. Forbes, reporting on a Deloitte Center for Controllership poll, quotes: “During the past 12 months, 34.5% of polled executives report that their organizations’ accounting and financial data were targeted by cyber adversaries. Within that group, 22% experienced at least one such cyber event and 12.5% experienced more than one.” Cybercrime takes place daily, and incident response determines how a company will respond to an incident or a natural disaster.

Incident response begins with preparation. Management, stakeholders, and the disaster recovery team must put guidelines and policies in place before a disaster strikes. The disaster recovery team can be internal or a SOC (security operations center: a central team that monitors, analyzes, and detects events before they harm the business). For a hurricane or other natural disaster, that can mean purchasing a backup generator to cover a power outage. For a cyber attack, it means identifying critical data and putting additional safeguards around it to reduce risk. Communication is key: plan a coordinated effort between the intermediaries in the company so that everyone knows their role when an incident occurs.

Detection and analysis is the next element of an efficient incident response effort. If a company does not monitor its possible attack vectors, a cybercriminal will exploit them. Craft documentation that outlines the to-dos in the case of an incident, and record past threats so that mistakes are not repeated. Keep incident response a priority by holding weekly meetings of the incident response team.

When an incident occurs, contain, eradicate, and recover. A threat can multiply if it is not contained, so put together an appropriate containment strategy in advance. Gather and preserve evidence of what went wrong, then eradicate the threat. Finally, put together a recovery strategy that restores operations and reduces the chance of the incident recurring.

Post-incident activity is equally fundamental to risk mitigation. Identify the risk that materialized and record what took place. Document everything so that the team can update policy to decrease risk in the future, and hold a retrospective that analyzes the documentation and presents improvements to the policy. Documenting lessons learned is a major step toward avoiding the same incident again.

Incident response is the element of cybersecurity that focuses on the decisions taken following an incident. A business that does not implement incident response is more likely to suffer repeat incidents and more catastrophic disasters. Poor planning leads to poor performance; incident response is all about planning for, and reacting to, disastrous events.
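The detection, evidence-gathering and containment steps described above can be made concrete with a small script. The following Python is an added example, not code from the original article: it parses a constructed sshd-style auth log, flags a password-guessing burst from one source address, checks whether a successful login from that source followed, and produces an incident record with a SHA-256 of the preserved evidence lines and a containment checklist for the responders. The log lines, the five-failures-in-five-minutes threshold, and the checklist wording are all assumptions chosen for the example.

```python
import hashlib
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines written for this example (not from a real host).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:03Z sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:04Z sshd[811]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:06Z sshd[811]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:07Z sshd[811]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:09Z sshd[811]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-05-01T10:15:00Z sshd[812]: Failed password for alice from 198.51.100.20 port 40000 ssh2
2024-05-01T11:00:00Z sshd[813]: Accepted publickey for alice from 198.51.100.20 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text):
    """Parse matching lines into event dicts; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                           "result": m["result"], "user": m["user"], "ip": m["ip"], "raw": line})
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag a source IP with >= threshold failed logins inside a sliding time window.
    Threshold and window are assumed tuning values; only the first burst per IP is reported."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = []
    for ip, evs in by_ip.items():
        fails = sorted((e for e in evs if e["result"] == "Failed"), key=lambda e: e["ts"])
        start = 0
        for end, e in enumerate(fails):
            while e["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = fails[start:end + 1]
                # A later success from the same source suggests the guessing worked,
                # which changes containment from "block" to "isolate and rotate credentials".
                success = next((s for s in evs if s["result"] == "Accepted"
                                and s["ts"] >= burst[-1]["ts"]), None)
                findings.append({"ip": ip, "users": sorted({b["user"] for b in burst}),
                                 "burst": burst, "success": success})
                break
    return findings


def build_incident_record(finding):
    """Build the evidence and containment record the post-incident review will rely on."""
    compromised = finding["success"] is not None
    evidence = [b["raw"] for b in finding["burst"]]
    if compromised:
        evidence.append(finding["success"]["raw"])
    # Hash the preserved lines so the retrospective can verify the evidence was not altered.
    digest = hashlib.sha256("\n".join(evidence).encode()).hexdigest()
    containment = [f"block {finding['ip']} at the perimeter", "preserve the original log files"]
    if compromised:
        containment += ["isolate the affected host from the network",
                        "disable or rotate credentials for: " + ", ".join(finding["users"])]
    return {"severity": "high" if compromised else "medium", "source_ip": finding["ip"],
            "users": finding["users"], "failure_count": len(finding["burst"]),
            "successful_login_followed": compromised, "evidence": evidence,
            "evidence_sha256": digest, "containment": containment}


def triage(log_text, threshold=5, window=timedelta(minutes=5)):
    """Detection and analysis end to end: parse, detect, and record."""
    return [build_incident_record(f)
            for f in detect_bruteforce(parse_auth_log(log_text), threshold, window)]


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run as written it prints one high-severity record for 203.0.113.7: five failures in six seconds followed by an accepted root login, so the checklist adds host isolation and credential rotation on top of the perimeter block. The single failure from 198.51.100.20 stays below the threshold and produces nothing, which is the point of tuning the window before an incident rather than during one.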
