The importance of cybersecurity incident response: Four tips for implementation

Given the increasingly intense cyber threat landscape that has continued to evolve at an alarming rate in recent months, it has never been more important for organisations to cover all angles. Patrick Wragg, Incident Response Manager, Integrity360, discusses why cybersecurity must look beyond prevention and outlines some top tips for effective incident response.

The intensity of the threat landscape today is underpinned by some alarming statistics.

Owing to the mass uncertainty, disruption and anxiety brought about by COVID-19 in 2020, cybercriminals quickly adjusted their tactics in an attempt to prey on people’s fears and maximise the effectiveness of their attacks.

As a result, Google blocked 18 million malware and phishing emails related to coronavirus daily in April 2020. ReedSmith also revealed that the volume of scams increased 400% month over month in March 2020.

In terms of the financial impact, it is said that the average cyber breach costs companies US$3.86mn and takes 280 days to identify and contain, with IBM reporting that cybercrime costs are expected to exceed $6trn annually this year.

Such statistics manifest themselves in equally shocking real-world impacts, no better demonstrated than by the SolarWinds breach that was uncovered in December 2020. Here, hackers added malicious code into its Orion Software that was subsequently installed by 18,000 of SolarWinds’ customers, including US government agencies and Fortune 500 companies, in a routine update.

Beyond SolarWinds, similarly significant breaches have continued into 2021. Kaseya, for example, became the subject of a major ransomware attack affecting 1,500 companies and government agencies in July.

Indeed, these are just two examples of successful cyberattacks among tens and tens of thousands. Yet, with an ever-increasing amount of attention being paid to cybersecurity, the question is, why are cyberattacks still so successful?

Why is cyber incident response important?

Where many companies cultivate a cybersecurity strategy, much of the focus continues to be placed on prevention and building an external wall to safeguard internal assets and data.

Here lies the challenge.

Prevention should form just one component of a successful cybersecurity strategy. In addition, companies need to be able to monitor and respond to threats within their internal networks should their security fail and defences be breached.

It is worth considering the way in which we prepare for fires. While it is possible to take many precautions in reducing the chance for flames to break out, we still need fire alarms, fire extinguishers and the fire service to ensure safety and reduce the potential damages in the event that a fire does occur.

In a cybersecurity context, incident response is critical for this very same reason.

Top tips for effective cyber incident response

In the same way a fire extinguisher can help to put out a fire, incident response is an organised approach to addressing and managing an attack or security breach once it has already begun.

An attack can wreak havoc; incident response works to reduce the damage, help organisations recover as quickly as possible, and review attacks so that better preparations can be made in the future.

Here are some of the key aspects of incident response that you should consider to ensure maximum effectiveness.

1. Playbook

First, create an incident response playbook that will act as a step-by-step guide for what to do in the event of a cyberattack. This should include everything from the stakeholders that need to be alerted to the necessary processes to follow and in which order.

At Integrity, we recommend leveraging the SysAdmin, Audit, Network, Security (SANS) Institute framework in the creation of an incident response playbook, which you can learn more about in this whitepaper. Using this framework, you will be able to build a cyber incident response procedure that includes six key steps – preparation, identification, containment, eradication, recovery, and lessons learned.

2. Runbook

On top of this, organisations should develop a series of more detailed and specialised runbooks tailored to specific incidents that branch off the core playbook. There should be a runbook for ransomware, a runbook for insider abuse, a runbook for phishing, and so on, detailing what to do in the event of each specific attack.

In the same way that you wouldn’t want to have to read the instructions on a fire extinguisher once a fire has already broken out, runbooks ensure rapid response can be achieved where time is of the essence. To ensure readiness in the event of an attack, it is also worth putting each runbook to the test with mock incident response exercises that can be reviewed to help enhance your processes.

3. Jumpkit

Any successful incident response strategy should be backed by not only the best processes but equally the best possible tools. Having a carefully cultivated jumpkit is therefore of vital importance.

Just as a plumber will have the required equipment on hand 24/7 to help them deal with a leak, a jumpkit comprises a selection of solutions that are ready to go in helping to combat a security breach.

You don’t want to have to contact a cybersecurity specialist to discuss commercials and business specifics during a breach, so work with an appropriate solutions provider ahead of time in putting together this selection of combative solutions.

4. Cyber insurance

Fourthly, it is worth investing in cyber insurance.

As we have already discussed, the average cyber breach costs companies $3.86 million – a sum that could easily cripple even the most resilient of businesses. In order to prevent such a reality from occurring where you might be held to ransom, an insurance provider can help to ease the financial blow.

In following these steps, you will have a sound starting point from which an effective incident response plan can be developed and a prevention-focused cybersecurity strategy bolstered.

Indeed, given the current threat landscape, it has never been more important to create a holistic cyber response strategy: according to IBM, remote work has increased the average cost of a data breach by $137,000. Further, Tessian reveals that 47% of employees fell for a phishing scam due to home distractions.

Given the severity of such statistics, now is the time to act.

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech