The cybersecurity landscape continues to shift at an accelerating pace. Stephanie Fox, our Head of Security Solutions, explains the importance of Incident Response Planning. New vulnerabilities are emerging and attack techniques are evolving. Regulatory pressures are trying to clamp down and stem the flow, while technology advances aid the defence against these threats. But those same technology advances also bring new risks.
The good news is that with every new challenge there is also an opportunity. Companies can work together with their partners, customers, and the broader industry to build stronger, more resilient defences.
Incident readiness matters more than ever
The media is full of reports of companies being compromised. The headlines focus on the fact they were attacked, rather than how effectively they responded. I guess you could draw your own conclusions about the time it takes for an incident to get into the public realm and the company statements providing an update on their position. It’s very rare that you will see reference to an effectively executed incident response (IR) plan.
That being said, companies are demonstrating an increased level of maturity in recognising that incidents don’t just happen to other people but can happen to them.
At Prosperity 24/7, we’re seeing a rise in organisations wanting to be prepared, not just compliant, for a number of reasons:
- Stakeholder Trust – customers’, partners’ and suppliers’ expectations regarding the security of their data are increasing. They expect your company to recover effectively and look for assurance that it won’t happen again, through the effective incident response strategies that you have in place.
- Insurability – insurers now expect strong incident response processes as a prerequisite of effective cyber security and, in some cases, won’t offer cover without proof of a working IR capability.
- Confidence – companies want to ensure their IR plans can be executed with confidence, and through frequent IR testing, they can build the muscle memory to respond to a real incident in a controlled and composed manner.
- Regulatory expectations – new legislation and frameworks are driving effective, regularly tested IR plans, and now mandate that IR is embedded into the provision of IT Services.
Current trends in cyber threats to your business
According to current trends (from our Partner Arctic Wolf):
- Ransomware and Data Extortion still dominate, making up 44% of incident response cases.
- Data Breach/Intrusion Responses account for 24%.
- Business Email Compromise (BEC) incidents sit at 27%, including:
  - Account compromise
  - Data theft
  - CEO/executive fraud
  - False invoice schemes
  - Product theft
  - Impersonation of legal representatives
- Rising Active Threat Actor Compromises should be considered a significant risk.
Prevention is still critical, but response makes the difference
Preventative measures like patching, vulnerability management, good security hygiene, and user awareness training remain fundamental. But response readiness, defined as the ability to detect, react and recover swiftly during an active threat, is equally critical and completes your organisation’s cyber security strategy.
Response is as much about people and processes as it is about technology, because an effective and timely response depends on people doing the right thing under immense pressure.
And that’s where preparation and practice matter most. You’d much rather find flaws in your response during a simulation exercise than during an actual ransomware attack.
Not just ticking a box
An Incident Response plan starts with a ‘point in time’ assessment of the technology, people and processes required to recover from an incident when it happens. However, it isn’t something to be treated as a tick-box exercise and then locked away in a drawer. Too often, IR plans are not looked at again, even when an incident does occur. Incident response should be part of the DNA of every company, as it is instrumental to how a company responds to an attack.
Our partners, Arctic Wolf, reported that 84% of organisations currently have an IR plan in place, but only 59% of those have reviewed or updated their plan in the last 12 months.
That leaves a significant proportion with outdated, untested, or theoretical plans which may not hold up under real-world attack conditions.
Move from reactive to resilient
The threat landscape will keep evolving, but with the right focus on people, process, technology and practice, organisations can move from reactive to resilient.
Don’t wait until it’s too late. If your organisation hasn’t revisited its Incident Response plan recently or, even worse, hasn’t thought about one yet, now is the time.