←All Posts Posted on October 6, 2014 By admin
Data security breaches and hacking seem to make the news on a depressingly regular basis these days. This type of incident can cost a company dear both financially and in terms of the damage caused to its reputation. It’s crucial therefore that any response is effective and timely in order to first contain and then mitigate the effects of a breach or attack.
This means having a plan in place to deal with security issues, but planning isn’t always enough. Take the case of retailer Target in the US, it had a security team and then latest tools in place but still managed to get caught out.
Part of the problem is that businesses are often unwilling to talk about and share their experiences, yet there’s a lot to be learned from how others have successfully dealt with similar incidents. It’s also important that response capabilities are tested. Having an incident response plan on paper is all very well but you need to check that it actually works and that team members know what to do and who to contact.
Analysis of previous problems reveals that organisations tend to make the same mistakes when placed under pressure. One of the most common is a failure to have a clear chain of command. Someone needs to have ultimate responsibility for managing an incident and that person needs to be senior enough to take decisions and call on the resources needed to fix it. Technical skill is less important here than management and organisational ability.
Another common mistake is a failure to pinpoint the source of an attack. Unless you can do this it’s difficult to effectively contain and ultimately eliminate the problem. It’s vital to keep a log of all the actions you take too, this can help you understand the incident and is useful for any later analysis too.
Logging your actions is not to be confused with keeping adequate system logs, though these are vital too. Keeping Windows event logs, DNS logs, firewall logs and more is key to detecting and resolving incidents. It’s important that part of your reaction plan is to preserve log data for analysis.
Preparing for the Worst
Although a plan on its own is no solution, it is important to have some sort of procedure in place to deal with cyber security threats, whatever the size of your business. Of course having security software, firewalls and so on in place is essential too but it’s important that enterprises don’t succumb to complacency once they have these measures in place.
You need to ensure that your protection measures are up to date, you should also review and revise them when new threats emerge. However, it’s also essential that you consider what might happen if your systems are compromised.
Larger companies may be in a position to assemble an incident team ahead of events allowing them to respond quickly when the need arises. This addresses the issue we discussed above that someone needs to be able to take control of the situation. In a big company the team needs to include not only technical staff but also senior management and specialists such as press officers who can manage your public response.
Smaller enterprises may not have all of these resources at their disposal but should still have a plan to determine who takes control of any incident and what resources they can call on. If IT services for the business are outsourced then you need to ensure that any planning includes up to date contact details.
Who You Gonna Call?
Even though you have a good and regularly maintained plan, how it performs in the face of an actual incident is something you can never be sure of. The old military saying that no plan survives its first contact with the enemy is worth remembering here. To be sure that you can respond effectively it may be worth considering the use of a specialist computer emergency team.
Companies like Elvidence offer a range of services including forensic preservation of data and response to attacks. By hiring a team of experienced professionals you can be sure that any cyber security incident can be dealt with by people who know what they’re doing. No matter how much they practise, internal teams will inevitably have to learn about an incident as they go, so bringing in someone who is well versed in dealing with similar threats can prove invaluable.
As large-scale vulnerabilities like Heartbleed and Shellshock continue to make the headlines, it’s a foolish company which ignores the potential to fall victim to an attack. Putting in place plans or hiring professional advice may seem like a cost that – in difficult times – could easily be put on the back burner. However, the cost of falling victim to an attack is potentially much greater and the damage to your company’s reputation could prove irreparable.