researchHQ’s Key Takeaways:
- The average cost of a data breach is $3.9 million, so an incident response plan is critical for organisations to mitigate and limit the scope of breaches when they occur.
- When developing an incident response plan, companies must ensure that their strategy is aligned with any relevant regulatory requirements and synchronised with all relevant parties.
- Early detection and validation are crucial to effective incident response, allowing the relevant stakeholders to be notified in a timely fashion.
- Companies should move to contain any threat as soon as it is identified to limit the damage inflicted and speed up the recovery process.
Your organization faces cyber attacks every single day—and some of them will breach your cyber defenses. A breach puts extreme pressure on your incident response team. Get your response plan right, and you’ll be able to minimize the damage and recover quickly. Get it wrong, and the consequences could be long-lasting and dire.
But not all response plans are created equal. Your security operations center needs well-defined and frequently reviewed protocols in place to ensure that your organization is ready to respond to a serious security incident.
Why do you need an incident response plan?
Modern cyber attacks are getting harder to prevent. Cyber criminals have a well-stocked arsenal of attack tools and countless techniques for staying hidden. Hacks, social engineering attacks and malware were three of the top four tactics used in data breaches in 2019, according to the 2020 Verizon Data Breach Investigations Report. The continued growth of 5G, cloud computing and Internet of Things deployments means more devices, data and assets for attackers to target.
An ounce of prevention is worth a pound of cure, but when it comes to cyber security, it could be worth a whole lot more. The average cost of a data breach is nearly $3.9 million—a tough bill to swallow. Unfortunately, many response plans are failing: The average time to identify and contain a breach is 280 days, enough time for a breach to wreak some serious havoc.
What should an effective incident response plan include?
How you construct your response plan and how you determine when an incident is serious enough to merit a response will depend on how comfortable you are with risk. Once you figure out these parameters, National Institute of Standards and Technology (NIST) guidelines suggest handling security incidents in four key phases:
- Prepare. Develop a plan that aligns with any relevant regulatory requirements, such as the Payment Card Industry Data Security Standard, the General Data Protection Regulation, the California Consumer Privacy Act and the Health Insurance Portability and Accountability Act. Identify key stakeholders inside and outside your organization and define what their roles and responsibilities will be during an incident. Synchronize your response plans with your business continuity plans and stakeholders.
- Detect, analyze and validate. Early detection and validation are crucial, as they determine which stakeholders need to get involved and what they should do. NIST and Verizon offer ready-made incident classifications you can adopt as your own. The security controls you use to detect incidents could include endpoint detection and response, file integrity monitoring, data loss prevention, network traffic analysis, security information and event management, and dark web monitoring. Escalate detected incidents to the relevant stakeholders and notify regulators, board members, shareholders, customers and employees where appropriate.