Cisco Blogs

Combatting Cybercrime with an Incident Response Plan

- October 19, 2016 - 1 Comment

Based on the cybersecurity news proliferating in the mainstream media today – from ransomware incidents to data breaches of massive proportions – it has become clear that organizations need to put security mechanisms in place to protect their IT infrastructure. Organizations commonly use anti-virus, firewall, intrusion prevention and other security technologies to protect themselves; but as we have continued to see, these organizations are not keeping up with the technology, or with the people and processes that must accompany it, needed to combat an ever-changing threat landscape.

Additionally, despite the measures organizations are taking, security professionals show mixed levels of confidence in their ability to thwart attackers. According to Cisco’s 2016 Annual Security Report, only 51% of survey respondents strongly believe they can detect security weaknesses before they become full-blown incidents. Only 45% are confident in their ability to determine the scope of a network compromise and to remediate the damage.

Week 3 of National Cyber Security Awareness Month is focused on recognizing and combating cybercrime. If you are responsible for the IT infrastructure of your organization, you must include incident response in your plan to protect your organization. Or, as I prefer to say: your plan must address threat management.

I have previously blogged about a threat management maturity model. The reality is that most organizations today do not have mature threat management practices in place: response to incidents is handled on a case-by-case basis, and often only in direct response to a breach. There is little strategic planning, a lack of consistent processes, and, perhaps more importantly, a lack of continuous monitoring and response. This works for basic use cases, like addressing common malware and supporting compliance, but it isn’t sufficient for more complex cases like ransomware or a mega breach, and it certainly isn’t going to be sufficient if your organization is moving toward a digital business model.

A growing number of organizations are turning to professional expertise to assist with incident response. The percentage of respondents in the 2016 Annual Security Report who outsourced incident response processes grew from 35% to 42% between 2014 and 2015.

I lead the Incident Response Services team at Cisco. We recognize that organizations are at various stages of maturity for threat management, so we’ve developed a portfolio of offers that can help bolster your program while you are building it out. Our portfolio includes:

  • Emergency Incident Response – This service is targeted at situations where you have already experienced a breach. We address immediate concerns, help you build a plan to address the situation and contain the damage, and work with you on short-term and longer-term strategies to address the underlying issues.
  • Incident Response Retainer – A growing number of customers are engaging our team by having us on retainer. In this arrangement, you work with a defined set of experts who are familiar with your environment and existing processes and work within defined response times. They augment your team, are ready when you need them, and supplement your own readiness plans.
  • Proactive Threat Hunting – An increasing number of organizations are not willing to wait for an incident to happen and are asking the question, “Are we already compromised?” We’ll work with you to design a custom hunt, deploy any needed technology, assess your environment to identify existing threats on your network, and then provide a prioritized action plan to increase your cyber hygiene.

Incident response must be a critical component of your security strategy. Educate yourself on what is required to establish a solid incident response program by reading this white paper. Be ready to respond: work with experts in threat management to ensure you’ve got the people, processes and technology in place.

Join the National Cyber Security Month conversation on Twitter @CiscoSecurity #CyberAware.


1 Comments

    Agree 100%. The best way to be aware, and to protect against threats, is to educate ourselves. Thanks Talos, because your on-time information and links help us to be more proactive and focused in every particular security issue. Thanks for sharing this blog post.
