How effectively can you respond to an incident?
Nobody wants it to happen to them, but organisations must face the troubling inevitability that successful cyberattacks will occur, and develop an effective plan to mitigate the impact.
Quick discovery and an efficient response to an attack on your network can save an untold amount of time, money and staff hours. Infosec Partners offers incident response services to help you optimise your incident response plan, coordinate an incident response team and quickly determine the source, cause and extent of a computer security breach, as well as a fully managed incident response service.
The 6 steps of incident response
Which of these areas would you like us to help you improve?
1. Preparation. Are suitable defences in place, including tools, teams and training for incidents before they happen?
2. Detection & Identification. Are incidents being identified thoroughly? Going through the IR process only to find a false alarm is no fun.
3. Containment. Incidents need to be contained immediately to prevent or reduce possible collateral damage.
4. Eradication. Get rid of the malicious code, unauthorized account, or bad employee that caused the incident.
5. Recovery. Ensure systems meet company standards or baselines before returning them to service, and continue to monitor them for any aberrant behaviour to be sure that the incident has been fully resolved.
6. Aftermath / Lessons learned. Reports should detail what happened, why it happened, what could have prevented it, and what you’ll be doing to prevent it from happening again. Buy-in must be obtained for the changes needed to prevent similar incidents in the future.
Whilst most organisations already have an incident response plan, many might not truly operationalise it, perhaps due to inadequate design, implementation, or both. Perhaps the plan is not well orchestrated across business units, or the procedures are not practised enough by the response team, potentially meaning the decision making is cumbersome and inconsistent. When discovering and responding to an incident, any delay could be very costly.