Responding to a cyber incident isn’t just about getting the systems back up and running (important as that is); it also means carrying out, in sequence, a set of steps that improve the overall effectiveness of the response. That sequence, or as it is known in the sporting world, the follow-through, is key to the most successful incident response and may not be as straightforward as you assume. Read on for a follow-through formula designed for efficient incident response.
Data breaches are an increasing threat to the viability of any business, yet most businesses are not prepared to handle the costs associated with a data breach. Every business maintains proprietary data in the form of customer lists, trade secrets and Personally Identifiable Information, or “PII”, which is protected by law. It is important for businesses to understand the costs they may incur if and when customer PII is compromised. In addition to the initial expenses incurred to investigate the breach, there may be other costs associated with potential litigation. Understanding your cyber risk allows an efficient and effective response when malicious activity occurs.
According to a May 14, 2015 article on Enterprisetech.com by George Leopold, the average cost of a data breach is expected to exceed $150 million by 2020. New regulations regarding the handling of personal and confidential information are important, but no compliance regulation is designed to protect your business and your operations. Cybersecurity is an organization-wide issue with the ultimate responsibility falling on the owners, executives, and board members. By taking a holistic approach to cybersecurity management, your business can reduce weaknesses in your cybersecurity defenses.
In order for a business to take on the seemingly daunting task of securing and protecting its assets, electronic or otherwise, the integration of several cybersecurity efforts is required. This can be accomplished by addressing three general areas of cybersecurity: prevention, detection, and response.
The ultimate goal of cybersecurity is to prevent an incident or a breach from occurring. Preventing cybersecurity breaches begins with establishing a budget. Helpful security measures can be implemented without breaking the bank as long as the business is effective in communicating its goals to the entire organization. Building a culture that not only follows best practice, but is also aware of cyber risk within the organization, is key to preventing a cybersecurity event. Finally, it is important to have a third party assess your current risks. Applying what you learn from this assessment will help you to prioritize tasks and secure your systems, networks, and applications with a strategy to prevent every attempted security breach.
Preventing 100% of attempted security breaches is impossible. To defend against future attacks, your business can implement a strategy to monitor and detect every attempt to compromise security. Most incidents begin with events that appear in system and network logs. If an organization learns to identify, from technical sources and reports, the events that pose real threats to its security and operations, it can then determine what, if anything, needs to be done to prevent a full security breach.
Original security practices call this “Incident Response.” This effort now requires some level of forensics capability, or “Forensics Response.” Including a forensics approach to handling incidents ensures you have documented processes that can defend your actions under your legal obligations while keeping your business operating securely. You must plan how to make informed decisions about responding to events.
Utilize the following tips when developing a defensible process:
- Use a third party for incident response capability assessments, as well as regulatory compliance.
- Use internal IT staff for business continuity and recovery during an incident.
- Use a third party to manage the incident response and conduct the investigation. It is important that this third party is trained and qualified in forensic investigation, so that the incident is handled in a way that prepares for any potential future litigation that may surface.
- Ensure you are regularly conducting response activities on events that are a potential threat to your organization. It is important that you do not wait to declare something an incident based on compliance standards alone.
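A "documented, defensible process" in the forensics sense rests on being able to show later that the evidence collected during the response was not altered afterwards. The script below is an added example, not code from the article or from Eide Bailly: it hashes each collected artefact with SHA-256, records who collected it and when in a manifest, and re-verifies the manifest so any later modification is detected. The case identifier, custodian name and file contents are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_bytes(data):
    """SHA-256 of an in-memory byte string (used for the test vectors)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large disk images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, custodian, case_id):
    """Record what was collected, by whom, when, and its hash and size."""
    return {
        "case_id": case_id,
        "collected_by": custodian,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "items": [
            {"name": os.path.basename(p), "size": os.path.getsize(p), "sha256": sha256_file(p)}
            for p in paths
        ],
    }


def verify_manifest(manifest, paths):
    """Return the names of items whose current hash no longer matches the manifest."""
    by_name = {os.path.basename(p): p for p in paths}
    return [
        item["name"]
        for item in manifest["items"]
        if item["name"] not in by_name or sha256_file(by_name[item["name"]]) != item["sha256"]
    ]


def run_demo():
    """Collect two constructed artefacts, verify, tamper with one, verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        access_log = os.path.join(workdir, "web-access.log")
        config = os.path.join(workdir, "site-config.txt")
        with open(access_log, "wb") as f:
            f.write(b"203.0.113.7 - - [03/Mar/2015:10:00:09] \"POST /login\" 200\n")  # constructed
        with open(config, "wb") as f:
            f.write(b"payment_processor=third-party-gateway\n")  # constructed
        paths = [access_log, config]

        manifest = build_manifest(paths, custodian="J. Doe (placeholder)", case_id="CASE-0000")
        manifest_json = json.dumps(manifest, indent=2)  # what would be kept with the case file
        before = verify_manifest(manifest, paths)

        # Simulate an after-the-fact edit to one artefact; the manifest should catch it.
        with open(access_log, "ab") as f:
            f.write(b"edited later\n")
        after = verify_manifest(manifest, paths)
        return {"mismatches_before": before, "mismatches_after": after, "manifest_json": manifest_json}


if __name__ == "__main__":
    result = run_demo()
    print(result["manifest_json"])
    print("mismatches before tampering:", result["mismatches_before"])
    print("mismatches after tampering: ", result["mismatches_after"])
```

In practice the manifest is written once at acquisition, signed or stored separately from the artefacts, and re-run before any report is issued; the empty "before" list and the non-empty "after" list are exactly what a reviewer or opposing counsel would expect to see demonstrated.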
A client example
Recently, Eide Bailly provided forensic response services for an online e-commerce business. After receiving the initial call, we arrived onsite the same day. A technical team was assembled to begin assessing the situation, collecting and preserving evidence and making the necessary changes to get the e-commerce site back up, protected and safely running again. This was accomplished the same day and the business was back online while the investigation continued. After several weeks, the forensic investigation was completed and we determined the systems had not been compromised. Instead, the suspected breach was a result of a third party handling the organization’s credit card transactions. This holistic approach saved the organization hundreds of thousands of dollars by providing the due diligence and documented defensible process to help defend them from any potential future litigation resulting from the incident.
A business that is disrupted due to a cybersecurity breach feels the pressure to restore operations immediately to minimize the disruption. In this situation, our team of experts managed the forensics response, properly investigated the issue, and provided risk analysis and additional technical resources. The emergency was resolved in the short-term and we provided long-term solutions to improve prevention, detection, and response capabilities.
Cyber threats and cyberattacks have increased dramatically over the past decade. These attacks have exposed sensitive personal and business information, disrupted the critical operations of organizations and imposed high costs on the economy. The majority of costs do not come from the compliance failure itself. The largest costs to an organization stem from having an indefensible process when litigation ensues. It is imperative that you stay informed about the continuously changing forms of cyber threats and develop appropriate, cost-effective controls to safeguard your business from data breaches and potential litigation.