Appropriate incident response is therefore critical for minimizing the impact of a breach, yet 77% of organizations do not have an incident response plan at all according to a recent NTT Group report. This raises the question: are you prepared to manage a security incident?
A change of plan
With incidents increasing in frequency, businesses are spending more time and money on remediation, often working in the eye of a corporate storm to resolve issues while trying to maintain business as usual. Complex threats such as APTs (Advanced Persistent Threats) are difficult and time-consuming to unpick and may require specialist knowledge and resources to resolve comprehensively. The problem is that businesses are turning a blind eye to the importance of defining and testing an incident response plan.
It's time for businesses to treat information security breaches as part of their business continuity planning, which means confidently managing incidents in an efficient, low-noise, repeatable manner. By having a well-defined plan, and recognizing that security incidents will happen, organizations will be better prepared to handle incidents effectively and consistently.
Any company that suffers a breach certainly would not want to repeat the experience and, by improving the maturity of its incident response plan, it will reduce the risk of future incidents as well as reduce the financial and reputational impact on the business.
What does an incident response plan look like?
An incident response plan is a formal process that defines what constitutes an incident and provides step-by-step guidance on how to handle a future attack. In order to limit damage and reduce recovery time and cost, it needs to be kept up-to-date and then socialized among all of the involved parties. Furthermore, tests should be carried out regularly so that people understand their roles and responsibilities.
Good incident response starts with good risk insight and understanding of information assets.
Not all incidents have equal impact, so every business must be able to classify an incident when it occurs. This can be done by establishing a comprehensive, real-time view of network activity, which enables an IT team to quickly recognize that the company is under attack and then implement a clear plan for appropriate remedial action.
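The classification step above is easiest to see with a concrete triage rule. The following is an added example, not code from the original article: it parses a few constructed alert lines, joins each against a hypothetical asset inventory to get business criticality, and scores the incident by impact so that only high-impact incidents invoke the formal response plan. The inventory, detection categories, weights and thresholds are all assumptions an organization would replace with its own.

```python
"""Impact-based incident classification over constructed alert records.

Added example: the asset inventory, activity categories, weights and
severity thresholds are hypothetical, not from the original article.
"""
import re
from dataclasses import dataclass

# Constructed asset inventory: host -> business criticality (1 low .. 4 critical).
ASSET_CRITICALITY = {
    "db-prod-01": 4,
    "web-prod-02": 3,
    "hr-laptop-17": 2,
    "lab-vm-05": 1,
}

# Hypothetical detection categories and how much each contributes to impact.
ACTIVITY_WEIGHT = {
    "port_scan": 1,
    "malware_detected": 2,
    "credential_misuse": 3,
    "data_exfiltration": 4,
}

# Constructed alert line format: "<timestamp> host=<h> category=<c> count=<n>".
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) category=(?P<category>\S+) count=(?P<count>\d+)$"
)


@dataclass
class Incident:
    host: str
    category: str
    score: int
    severity: str
    invoke_plan: bool  # True when the formal incident response plan should start


def classify(line: str) -> Incident:
    """Parse one alert line and assign an impact-based severity."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable alert line: {line!r}")
    host, category, count = m["host"], m["category"], int(m["count"])

    # Unknown assets default to medium criticality rather than being ignored:
    # an unclassified host is a gap in the inventory, not a safe host.
    crit = ASSET_CRITICALITY.get(host, 2)
    weight = ACTIVITY_WEIGHT.get(category, 1)
    score = crit * weight
    if count >= 10:          # repeated activity on the same host raises impact
        score += 2

    if score >= 12:
        severity = "critical"
    elif score >= 8:
        severity = "high"
    elif score >= 4:
        severity = "medium"
    else:
        severity = "low"
    return Incident(host, category, score, severity, severity in ("high", "critical"))


def triage(lines):
    """Classify a batch of alerts and order them by impact, highest first."""
    return sorted((classify(l) for l in lines), key=lambda i: -i.score)


# Constructed sample alerts for a self-contained run.
SAMPLE_ALERTS = [
    "2024-01-01T10:00:00Z host=lab-vm-05 category=port_scan count=25",
    "2024-01-01T10:05:00Z host=hr-laptop-17 category=malware_detected count=1",
    "2024-01-01T10:07:00Z host=web-prod-02 category=credential_misuse count=12",
    "2024-01-01T10:09:00Z host=db-prod-01 category=data_exfiltration count=1",
]

if __name__ == "__main__":
    for inc in triage(SAMPLE_ALERTS):
        flag = "INVOKE PLAN" if inc.invoke_plan else "monitor"
        print(f"{inc.severity:8} score={inc.score:2} {inc.host:13} {inc.category:20} {flag}")
```

Scoring asset criticality times activity weight is what makes the response proportionate: a port scan of a lab VM stays low even when repeated, while a single exfiltration event on the production database is critical. The ordering produced by `triage` is the queue an on-call team would work from.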
Incident response must be designed with an organization's goals and compliance requirements at the forefront. The right intelligence on the impact of any incident will drive a proportionate response and focus resources to minimize damage and disruption. This way, those affected will be able to resume business as quickly and smoothly as possible.
Ultimately, the route to better preparation is to build a structured plan that clearly articulates the approach, benefits and measures for application risk reduction. With a clear understanding of the business and technology infrastructure, an IT team can perform network- and host-based forensic investigation into an incident, provide incident management capability, and deliver a summary post-incident report with recommendations.