Your next Incident Response System

A growing number of cyber security professionals are aware that their company is woefully underprepared for this generation's cyber attacks. Although they feel that their firewalls or IDS security appliances offer good overall protection, they also fear the growing network of hackers and viruses that have become cleverer at navigating around traditional detection strategies. Most of us realize that the hacking community has evolved. Attackers no longer hack simply to wreak havoc; today's attackers are in it for something much greater: financial gain. Overtaking virus attacks, fraud has become the greatest source of financial loss, and it gets worse every year.

The Preparedness Landscape

In 2008, the CSI Computer Crime & Security Survey reported that 43% of respondents suffered some type of security incident within the previous year. The results did not include undetected security breaches. Fast forward to the 2013 US State of Cybercrime Survey, which highlighted what many in government and cybersecurity knew all along: the cybercrime threat environment has become increasingly pervasive and hostile. Efforts to stop this wave of attacks have had minimal effect. Businesses were asked whether they had a methodology to help determine the effectiveness of their organization's security programs based on clear measures; the results were alarming:

  • Don’t know/not sure - 22%
  • No - 38%
  • Yes - 40%

That well over half didn't know or didn't have one is concerning; cyber security incidents and financial losses are on the rise, and most businesses still don't have any procedure to handle and diagnose a breach. This is unfortunate, as implementing an Incident Response Program (IRP) allows for quicker response, damage minimization, and less downtime when attacks occur.

What an Incident Response Plan can do for you

The incident response system is part of the cyber attack IRP, an orderly and effective process that lays out the steps and goals needed to mitigate a computer-related intellectual property theft. The steps in the IRP will help you deal with continued hacking attempts, social networking scams, viruses, DoS attacks and data exfiltration. The IRP should also outline where to get the necessary authorizations to stop and resolve various types of unwanted cyber incidents. An IRP's goal is to guide the process of managing a cyber security incident. Ultimately, companies need to limit the damage, increase the confidence of external stakeholders, and reduce recovery time and associated costs.

Form an Incident Response Team

What's the next step? Form an Incident Response Team (IRT) whose responsibility is to investigate and report on intrusions in a timely and cost-effective manner. The IRT should include: the CEO, a firewall administrator (if you have one), a desktop administrator, and the application manager. When a breach is dire, sensitive issues should be immediately escalated to the executive level.

Make sure key members of the IRT subscribe to one or more of the security alert services and are given time to read them. These services help the team stay abreast of any current (i.e. last 24 hours) threats or vulnerabilities.

Many corporations have implemented an incident response solution and have found that they stay more on top of threats and related security incidents. It also provides most of us with greater peace of mind. Visit Plixer to learn more about how to Detect - Respond - Contain cyber attacks.