Are you prepared to manage a security incident?
by Garry Sidaway - Global Director of Security Strategy, NTT Com Security - Friday, 6 June 2014.
It's the year of the breach. Adobe, Target and eBay fell victim to cyber-attacks and 2014 has already seen the Heartbleed bug impact the majority of organizations across the globe. With attacks getting more advanced and hackers getting smarter, businesses across all sectors are potential targets. It's a case of when, not if, your company will be hit.

Appropriate incident response is therefore critical for minimizing the impact of a breach, yet 77% of organizations do not have an incident response plan at all, according to a recent NTT Group report. This raises the question: are you prepared to manage a security incident?

A change of plan

With incidents increasing in frequency, businesses are spending more time and money on remediation - often working in the eye of a corporate storm to resolve issues at the same time as trying to maintain business as usual. Complex threats such as APTs (Advanced Persistent Threats) are difficult and time-consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. The problem is that businesses are turning a blind eye to the importance of defining and testing an incident response plan.

It's time for businesses to treat information security breaches as part of their business continuity planning, which means confidently managing incidents in an efficient, low noise, repeatable manner. By having a well-defined plan, and recognizing that security incidents will happen, organizations will be better prepared to handle incidents effectively and consistently.

Any company that suffers a breach certainly would not want to repeat the experience and, by improving the maturity of its incident response plan, it will reduce the risk of future incidents as well as reduce the financial and reputational impact on the business.

What does an incident response plan look like?

An incident response plan is a formal process that defines what constitutes an incident and provides step-by-step guidance on how to handle a future attack. In order to limit damage and reduce recovery time and cost, it needs to be kept up-to-date and then socialized among all of the involved parties. Furthermore, tests should be carried out regularly so that people understand their roles and responsibilities.

Good incident response starts with good risk insight and understanding of information assets.

Not all incidents are of equal impact so every business must be able to classify an incident that occurs. This can be done by establishing a comprehensive and real-time view of network activity, which will enable an IT team to quickly recognize that its company is under attack - and then consequently implement a clear plan for appropriate remedial action.

Incident response must be designed with an organization's goals and compliance requirements at the forefront. The right intelligence on the impact of any incident will drive a proportionate response and focus resources to minimize damage and disruption. This way, those affected will be able to resume business as quickly and smoothly as possible.

Ultimately, the route to better preparation is to build a structured plan that clearly articulates the approach, benefits and measures for application risk reduction. With a clear understanding of the business and technology infrastructure, an IT team can perform network- and host-based forensic investigation into incidents, provide incident management capability and deliver a summary post-incident report and recommendations.

