Effective Incident Response in an Age of High Profile Breaches
It’s practically impossible to claim ignorance of the innumerable information security dangers present in our digital world nowadays. Even if you’ve somehow managed to miss the almost daily news blasts reporting the millions of personal records spilled from big-name organizations by hacker groups, it’s almost a guaranteed bet that your credit card has been reissued in the recent past or that you’ve received notice from your doctor’s office that your medical information was included in an ‘unauthorized disclosure’. Few have dodged the ‘breach bullet,’ and that number will invariably continue to dwindle. In fact, in mid-2014, researchers at the Ponemon Institute compiled data for CNNMoney showing that approximately 47 percent of Americans had their personal information exposed by hackers within the previous 12 months. While updated statistics have not been published since that time, one can only assume from recent headlines that the trend has continued upward.
So, how far along are you with your incident response planning? Have you created and documented your incident response plan and procedures? Trained your incident response team? Tested and updated your plan?
An incident response plan is your lifeline during the response and recovery efforts that follow a breach. It defines and categorizes the incident, assigns levels of severity, establishes the role for each team member, and lists proper escalation, eradication, restoration and post-mortem review processes. Further, it is a tool that helps to determine the appropriate level of response efforts for incidents of varying severity. As an example, it might not be necessary to call the fire department for a small trashcan fire but, conversely, you probably wouldn’t get very far if the whole building was ablaze and you showed up with a handheld fire extinguisher.
As you design your organization’s incident response strategies, be sure to include the detection tools and procedures you will depend upon to identify an active incident and how they should be configured to produce useable logging and auditable records. Partner with local, reputable organizations that specialize in digital forensics and breach investigation. And once you’ve decided who will be part of the incident response team, make sure they’re thoroughly trained and ready to play their part.
Finally, remember to test your plan. Conduct a walkthrough test on paper to catch any glaring errors or omissions and work your way up to a full simulation test with live, non-production systems. Invite all stakeholders and incident response personnel to participate, and gather feedback from all observers after the test so corrections can be made to the plan. Don’t expect immediate success … your first dry run might prove a little embarrassing, and that’s OK. Better to iron out those kinks in the confines of the conference room after initial testing than with the world watching following a costly breach.
Let’s face it – no one wants to think about a breach or the resulting fallout. But with some forethought and preparation, you can be confident that your company will mount a fast, efficient, well-planned response to a situation that might’ve otherwise spiraled out of control.
Continental Technologies, Inc.