The importance of cybersecurity incident response: Four tips for implementation

Given the increasingly intense cyber threat landscape that has continued to evolve at an alarming rate in recent months, it has never been more important for organisations to cover all angles. Patrick Wragg, Incident Response Manager, Integrity360, discusses why cybersecurity must look beyond prevention and outlines some top tips for effective incident response.

The intensity of the threat landscape today is underpinned by some alarming statistics.

Owing to the mass uncertainty, disruption and anxiety brought about by COVID-19 in 2020, cybercriminals quickly adjusted their tactics in an attempt to prey on people’s fears and maximise the effectiveness of their attacks.

As a result, Google blocked 18 million malware and phishing emails related to coronavirus daily in April 2020. ReedSmith also revealed that the volume of scams increased 400% month over month in March 2020.

In terms of financial impact, the average cyber breach is said to cost companies US$3.86mn and take 280 days to identify and contain, with IBM reporting that cybercrime costs are expected to exceed $6trn annually this year.

Such statistics manifest themselves in equally shocking real-world impacts, no better demonstrated than by the SolarWinds breach that was uncovered in December 2020. Here, hackers added malicious code into its Orion Software that was subsequently installed by 18,000 of SolarWinds’ customers, including US government agencies and Fortune 500 companies, in a routine update.

Beyond SolarWinds, similarly significant breaches have continued into 2021. Kaseya, for example, became the subject of a major ransomware attack affecting 1,500 companies and government agencies in July.

Indeed, these are just two examples of successful cyberattacks among tens and tens of thousands. Yet, with an ever-increasing amount of attention being paid to cybersecurity, the question is, why are cyberattacks still so successful?

Why is cyber incident response important?

Where many companies cultivate a cybersecurity strategy, much of the focus continues to be placed on prevention and building an external wall to safeguard internal assets and data.

Here lies the challenge.

Prevention should form just one component of a successful cybersecurity strategy. In addition, companies need to be able to monitor and respond to threats within their internal networks should their security fail and defences be breached.

It is worth considering the way in which we prepare for fires. While it is possible to take many precautions in reducing the chance for flames to break out, we still need fire alarms, fire extinguishers and the fire service to ensure safety and reduce the potential damages in the event that a fire does occur.

In a cybersecurity context, incident response is critical for this very same reason.

Top tips for effective cyber incident response

In the same way a fire extinguisher can help to put out a fire, incident response is an organised approach to addressing and managing an attack or security breach once it has already begun.

An attack can wreak havoc; incident response works to reduce the damage, help organisations recover as quickly as possible, and review attacks so that better preparations can be made in the future.

Here are some of the key aspects of incident response that you should consider to ensure maximum effectiveness.

1. Playbook

First, create an incident response playbook that will act as a step-by-step guide for what to do in the event of a cyberattack. This should include everything from the stakeholders that need to be alerted to the necessary processes to follow and in which order.

At Integrity, we recommend leveraging the SysAdmin, Audit, Network, Security (SANS) Institute framework in the creation of an incident response playbook, which you can learn more about in this whitepaper. Using this framework, you will be able to build a cyber incident response procedure that includes six key steps – preparation, identification, containment, eradication, recovery, and lessons learned.

2. Runbook

On top of this, organisations should develop a series of more detailed and specialised runbooks tailored to specific incidents that branch off the core playbook. There should be a runbook for ransomware, a runbook for insider abuse, a runbook for phishing, and so on, detailing what to do in the event of each specific attack.

In the same way that you wouldn’t want to have to read the instructions on a fire extinguisher once a fire has already broken out, runbooks ensure rapid response can be achieved where time is of the essence. To ensure readiness, it is also worth putting each runbook to the test with mock incident response exercises that can be reviewed to help enhance your processes.

3. Jumpkit

Any successful incident response strategy should be backed by not only the best processes but equally the best possible tools. Having a carefully cultivated jumpkit is therefore of vital importance.

Just as a plumber will have the required equipment on hand 24/7 to help them deal with a leak, a jumpkit comprises a selection of solutions that are ready to go in helping to combat a security breach.

You don’t want to have to contact a cybersecurity specialist to discuss commercials and business specifics during a breach, so work with an appropriate solutions provider ahead of time in putting together this selection of combative solutions.

4. Cyber insurance

Fourthly, it is worth investing in cyber insurance.

As we have already discussed, the average cyber breach costs companies $3.86 million – a sum that could easily cripple even the most resilient of businesses. To guard against such a reality, where you might be held to ransom, an insurance provider can help to ease the financial blow.

In following these steps, you will have a sound starting point from which an effective incident response plan can be developed and a prevention-focused cybersecurity strategy bolstered.

Indeed, given the current threat landscape, it has never been more important to create a holistic cyber response strategy. According to IBM, remote work has increased the average cost of a data breach by $137,000. Further, Tessian reveals that 47% of employees fell for a phishing scam due to home distractions.

Given the severity of such statistics, now is the time to act.

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech