So you have been breached, what now?
By: Gene Ng, IBM ASEAN Security Lead
Hackers are no longer lone wolves. 80% of today’s cyberattacks
are driven by highly organized crime rings in which data, tools and expertise
are widely shared.
From 2015 to 2016, the IBM X-Force
Threat Intelligence Index reported a dramatic 566% increase of records
compromised. In 2016 alone, there were more than four billion records leaked
with the average organization experiencing more than 54 million security
events.
This makes the need for trusted threat intelligence and
incident response greater than ever. It is no longer a matter of if a security
breach will happen, but rather, when will it happen and how will you respond to
it. However, the reality is that 75% of organizations
surveyed
do not even have a modern incident response plan in place and 66% are not
confident in their organization’s ability to respond to a cyberattack.
According to the IBM &
Ponemon Institute Study, the average time an
organization took to identify a breach was estimated at 201 days while the
average time to contain a breach was estimated at 70 days.
This is a huge issue considering that slow response can
impact the cost of a breach. Incidents that take longer than 30 days to contain
are estimated to cost $1 million more than those contained within 30
days.
If you suspect your company’s security has been
compromised, here are 5 fundamental steps to guide you along in incident
response:
1. Acknowledge and then Act
– The first step of incident response is acknowledging that a security breach
has happened. Many companies waste valuable time coming to terms with the fact
that a breach has happened, resulting in substantial loss of data and money.
Remember that the sooner you act, the lower the casualty cost.
2. Check the damage – Assess
the severity of the breach. Scan your systems and networks for any affected
endpoint(s) so that you can take immediate action against threats and/or
monitor your digital assets for any indicators of compromise. Using a security
information and event management tool will also give you a
good idea of the degree of penetration and severity and where the loopholes lie.
Decisions like whether to restore your system or rebuild it will be
dependent on the severity of the attack and whether your back-ups have been
affected.
3. Remediation and Recovery – Timely
response to an incident can mitigate the severity of the attack while ensuring
faster recovery at the same time. Once
your security team has identified the cause of the breach, it is imperative that
they contain the root of the problem to prevent follow-on breaches. Plugging the
vulnerabilities found in step 2 as early as possible, with the help of
specialists, would ensure minimum loss for the affected organization.
4. Communication – We
tend to underestimate the power of communication and what it can do for you. Maintaining open communication with your
internal and external stakeholders can help to put things into perspective and
provide an opportunity for you to educate your employees about cybersecurity
awareness and prevention. On the flipside, failure to communicate with your
stakeholders can lead to unwanted speculation.
5. Review, review, review – After
every episode of a security breach, it is important to revisit your incident
response plan to evaluate how to further strengthen it. A good incident
response plan will not only provide you with a good framework on how to respond
but also identify what has worked previously and what has not. This will help you
develop a more robust plan for the future.
Remember,
prevention is always better than cure. A good immune system can help your
company to nip potential threats in the bud and save valuable time, money and
effort.