Security for the Incident
Not every security incident can be prevented. No matter how much you plan, it can still happen. But the wider impact on your organization will depend on what type it is and how you respond.
- An “incident” (lower case “i”) – minor issues that can be dealt with through triage in the normal cycle of service desk tickets. Or
- An “Incident” (upper case “I”) – major problems that can significantly disrupt what you do without the right preparation.
Are you well-drilled?
The moment an “Incident” occurs the organization must act. But have you ever performed an Incident drill? Just like a fire drill, it’s about going through the various actions to mitigate the impact on your business. Whether the Incident is spotted by your own IT team or a third-party managing your security, the speed of your reaction is crucial. And the more that people know what to do, the faster the reaction.
In the event of a fire, your organization is no doubt well-drilled to ensure people leave their desks, head to the nearest fire exit and regroup. Fire stewards in every team ensure people get out of the building safely and that no one is left behind.
But compare that to the average organization’s Incident preparations. After the alarm has rung, who is equipped to check vital systems? How will you assess the extent of the initial damage? Is it likely to get worse? With no intelligence on the breach and no drill, you’re in danger of wasting time and fanning the flames of the Incident.
What’s the impact?
With no plan to handle an Incident, things can swiftly get out of hand:
- As the depth of the Incident grows, so does the damage to mission-critical data and systems.
- As the time to respond grows, so does the list of affected areas of the organization.
- The money spent reacting simply adds to the likely costs of service interruption, system recovery and potentially compensation.
How to respond?
With that in mind, it is important to know when an “incident” is actually an “Incident.” Most important is having a plan of action to follow when an Incident does occur. The more insight you have into your own systems, the easier this becomes.
This is made imperative with the soon-to-be- enforced EU General Data Protection Regulation (GDPR). Organizations will be compelled (by very stringent fines) to not only protect people’s data but also reveal breaches.
Having an agreed comms plan to cover a number of eventualities in place is also critical to reassure your stakeholders or shareholders.
Intelligence-led security will help you prepare for all of this. It also gives you the ability to self-generate new responses as threats evolve, meaning you are able to reduce the likelihood of major Incidents. This is thanks to the predictive work you will be able to do in understanding ongoing threats.
Armed with intelligence about your systems and external threats you can put in place the controls to mitigate Incidents. If an Incident does occur, you will be better placed to understand it and respond swiftly. And by taking effective action, closing the Incident and then using post- Incident analytics, you can maintain the highest standard of security at all times.