So you have been breached, what now?

By: Gene Ng, IBM ASEAN Security Lead

Hackers are no longer lone wolves. 80% of today’s cyberattacks are driven by highly organized crime rings in which data, tools and expertise are widely shared.
Gene Ng
IBM ASEAN Security Lead

From 2015 to 2016, the IBM X-Force Threat Intelligence Index reported a dramatic 566% increase in compromised records. In 2016 alone, more than four billion records were leaked, with the average organization experiencing more than 54 million security events.

This makes the need for trusted threat intelligence and incident response greater than ever. It is no longer a matter of if a security breach will happen, but rather when it will happen and how you will respond to it. However, the reality is that 75% of organizations surveyed do not even have a modern incident response plan in place, and 66% are not confident in their organization's ability to respond to a cyberattack.

According to the IBM & Ponemon Institute Study, the average time an organization took to identify a breach was estimated at 201 days, while the average time to contain a breach was estimated at 70 days.

This is a huge issue considering that a slow response can increase the cost of a breach. Incidents that take longer than 30 days to contain are estimated to cost $1 million more than those contained within 30 days.

If you suspect your company’s security has been compromised, here are 5 fundamental steps to guide you along in incident response:

1. Acknowledge and then Act – The first step of incident response is acknowledging that a security breach has happened. Many companies waste valuable time coming to terms with the fact that a breach has happened, resulting in substantial loss of data and money. Remember that the sooner you act, the lower the casualty cost.

2. Check the damage – Assess the severity of the breach. Scan your systems and networks for any affected endpoints so that you can take immediate action against threats and monitor your digital assets for any indicators of compromise. Using a security information and event management tool will also give you a good idea of the degree of penetration, the severity, and where the loopholes lie. Decisions such as whether to restore your system or rebuild it will depend on the severity of the attack and whether your backups have been affected.

3. Remediation and Recovery – Timely response to an incident can mitigate the severity of the attack while ensuring faster recovery. Once your security team has identified the cause of the breach, it is imperative that they contain the root of the problem to prevent follow-on breaches. Plugging the vulnerabilities found in step 2 as early as possible, with the help of specialists, would ensure minimum loss for the affected organization.

4. Communication – We tend to underestimate the power of communication and what it can do for you. Maintaining open communication with your internal and external stakeholders can help to put things into perspective and provide an opportunity for you to educate your employees about cybersecurity awareness and prevention. On the flip side, failure to communicate with your stakeholders can lead to unwanted speculation.

5. Review, review, review – After every security breach, it is important to revisit your incident response plan to evaluate how to strengthen it further. A good incident response plan will not only provide you with a good framework for how to respond but also identify what has worked previously and what has not. This will help you develop a more robust plan for the future.

Remember, prevention is always better than cure. A good immune system can help your company to nip potential threats in the bud and save valuable time, money and effort.
