A data breach can devastate your business and have real financial and reputational impact. Unfortunately, every organization will experience some type of security event. This could be from an outside attack or from the internal mishandling of sensitive data. Research suggests that the average cost of a data breach is upwards of $3.8M after remediation efforts, fines, and public relations costs. You need to be ready when a security incident happens.
What’s Your Incident Response Plan?
Many of the customers I work with have great security technology in place, but for some, this isn’t tuned properly to detect a security incident or even notify security staff of suspicious activity that may lead to a breach. Breaches can go undetected for many months, and there is an industry shortage of expertise that can identify the events that lead to a breach. For that reason, many organizations outsource security monitoring and alerting to a third party, which may not be able to determine when an intrusion or anomalous behavior is taking place. The trick here is timing: notifying the client promptly and remediating the threat quickly.
That’s why your business needs an incident response plan. I ask my customers, “What would you do if your servers were locked up from a ransomware attack? Do you have a plan? Would you know the next three or four things you need to do? Would you know when to notify HR versus when to notify law enforcement?” (Every state now has a breach notification law.) Many of them don’t have a plan or just don’t know where to start.
How to Build a Comprehensive Strategy
Incident response starts with training your employees on what a security threat looks like and including that in their roles and responsibilities. Continuous security awareness training is key to keeping employees up to speed on how they conduct business and what risk a breach could pose to the business.
Next, identify the security technologies you have in place that protect the network, and develop a plan to review the configuration of those technologies to ensure they are set up properly. Include monitoring for anomalous behavior or activity. Identify security stakeholders in your business that can help determine what risks the business is exposed to. Conduct a comprehensive assessment of your security program, and develop policies and procedures that outline a workflow for remediation in the event a breach is detected, including the legal and disciplinary actions required.
Then look at containment. Many times, the security staff will want to simply “fix” the problem through operational workflows without thinking about containing the forensic data where necessary. Your plan should include a process for preserving forensic evidence.
Set up an incident response team, and coordinate the actions of each team member. This includes testing the plan through security tabletop exercises and validating the in-place security technology, policies, and procedures. Each team member will have their own unique responsibility and perspective, making the process more effective in the event of a breach.
Turn to a Trusted Expert
Connection offers a suite of security assessments that help organizations identify risk. It starts with our Security Landscape Optimization assessment, which covers endpoint security, network and data security, operational security, and governance risk and compliance. We also offer targeted vulnerability scanning, penetration testing, and more. Our focus is on infrastructure security and ensuring you have the right technologies and configurations in place to protect the network.
Connection also offers Security Awareness Training to help protect your end users from falling prey to attackers. We can assist with writing and reviewing security policies and work with your organization’s IT and security staff to help build out security best practices and proper communication channels. Our Incident Response Retainer service provides a block of hours set aside in the event you do experience a security breach and need assistance. You can also use these hours for other security services, including tabletop exercises if needed. This retainer service ensures that you get the attention you need if a breach does occur. All of this should align with your organization’s business resiliency planning and testing. Incident response planning will ensure your organization is ready when the next threat knocks on your door—and may keep your business out of the headlines.