Given the increasingly intense cyber threat landscape that has continued to evolve at an alarming rate in recent months, it has never been more important for organisations to cover all angles. Patrick Wragg, Incident Response Manager, Integrity360, discusses why cybersecurity must look beyond prevention and outlines some top tips for effective incident response.
The intensity of the threat landscape today is underpinned by some alarming statistics.
Owing to the mass uncertainty, disruption and anxiety brought about by COVID-19 in 2020, cybercriminals quickly adjusted their tactics in an attempt to prey on people’s fears and maximise the effectiveness of their attacks.
As a result, Google blocked 18 million malware and phishing emails related to coronavirus daily in April 2020. However, ReedSmith also revealed that the volume of scams increased 400% month over month in March 2020.
In terms of the financial impact, it is said that the average cyber breach costs companies US$3.86mn and takes 280 days to identify and contain, IBM reporting that cybercrime costs are expected to exceed $6trn annually this year.
Such statistics manifest themselves in equally shocking real-world impacts, no better demonstrated than by the SolarWinds breach that was uncovered in December 2020. Here, hackers added malicious code into its Orion Software that was subsequently installed by 18,000 of SolarWinds’ customers, including US government agencies and Fortune 500 companies, in a routine update.
And beyond SolarWinds, similarly, significant breaches have continued into 2021. Kaseya, for example, became the subject of a major ransomware attack affecting 1,500 companies and government agencies in July.
Indeed, these are just two examples of successful cyberattacks among tens and tens of thousands. Yet, with an ever-increasing amount of attention being paid to cybersecurity, the question is, why are cyberattacks still so successful?
Why is cyber incident response important?
Where many companies cultivate a cybersecurity strategy, much of the focus continues to be placed on prevention and building an external wall to safeguard internal assets and data.
Here lies the challenge.
Prevention should form just one component of a successful cybersecurity strategy. In addition, companies need to be able to monitor and respond to threats within their internal networks should their security fail and defences be breached.
It is worth considering the way in which we prepare for fires. While it is possible to take many precautions in reducing the chance for flames to break out, we still need fire alarms, fire extinguishers and the fire service to ensure safety and reduce the potential damages in the event that a fire does occur.
In a cybersecurity context, incident response is critical for this very same reason.
Top tips for effective cyber incident response
In the same way a fire extinguisher can help to put out a fire, incident response is an organised approach to addressing and managing an attack or security breach once it has already begun.
An attack can wreak havoc, incident response works to reduce the damage, help organisations recover as quickly as possible, and review attacks so that better preparations can be made in the future.
Here are some of the key aspects of incident response that you should consider ensuring maximum effectiveness.
First, create an incident response playbook that will act as a step-by-step guide for what to do in the event of a cyberattack. This should include everything from the stakeholders that need to be alerted to the necessary processes to follow and in which order.
At Integrity, we recommend leveraging the SysAdmin, Audit, Network, Security (SANS) Institute framework in the creation of an incident response playbook, which you can learn more about in this whitepaper. Using this framework, you will be able to build a cyber incident response procedure that includes six key steps – preparation, identification, containment, eradication, recovery, and lessons learned.
On top of this, organisations should develop a series of more detailed and specialised runbooks tailored to specific incidents that branch off the core playbook. There should be a runbook for ransomware, a runbook for insider abuse, a runbook for phishing, and so on, detailing what to do in the event of each specific attack.
In the same way that you wouldn’t want to have to read the instructions on a fire extinguisher once a fire has already broken out, runbooks ensure rapid response can be achieved where time is of the essence. To ensure readiness in the event, it is also worth putting each runbook to the test with mock incident response exercises that can be reviewed to help enhance your processes.
Any successful incident response strategy should be backed by not only the best processes but equally the best possible tools. Having a carefully cultivated jumpkit is therefore of vital importance.
Just as a plumber will have the required equipment on hand 24/7 to help them deal with a leak, a jumpkit comprises a selection of solutions that are ready to go in helping to combat a security breach.
You don’t want to have to contact a cybersecurity specialist to discuss commercials and business specifics during a breach, so work with an appropriate solutions provider ahead of time in putting together this selection of combative solutions.
4. Cyber insurance
Fourthly, it is worth investing in cyber insurance.
As we have already discussed, the average cyber breach costs companies $3.86 million – a sum that could easily cripple even the most resilient of businesses. In order to prevent such a reality from occurring where you might be held to ransom, an insurance provider can help to ease the financial blow.
In following these steps, you will have a sound starting point from which an effective incident response plan can be developed and a prevention-focused cybersecurity strategy bolstered.
- Scaleup Spotlight: Climeworks is the key to fighting climate change
- How Wi-Fi6 will optimise hybrid working
- Which European countries have the best and worst cybersecurity?
- McAfee: How to make telehealth safer for a more convenient life online
Indeed, given the current threat landscape, it has never been more important to create a holistic cyber response strategy: According to IBM, Remote work has increased the average cost of a data breach by $137,000. Further, Tessian reveals that 47% of employees fell for a phishing scam due to home distractions.
Given the severity of such statistics, now is the time to act.