Are You Prepared to Respond to Advanced Security Incidents?

by Kat Johnson, September 8th, 2022


NEXT GENERATION OF INCIDENT CYBER SECURITY PREPAREDNESS


Just as firefighters and emergency physicians train to save lives, companies should prepare and train to protect themselves and respond to security incidents. This is increasingly important given the rapidly evolving threat landscape, with targeted cyber attacks by motivated, determined threat actors.


Given this environment, organizations are challenged to evaluate whether their staff, processes, and technologies are adequate to protect against, detect, respond to, and contain incidents caused by advanced attackers.


The following are some questions that organizations should consider:


  • Do you have an incident response plan and is it tested on a regular basis?
  • When was the last time that your organization independently assessed the incident response practice using expert professional services?
  • Is your security staff familiar with the tactics, techniques, and procedures (TTPs) of advanced attackers, and do you have the intelligence to constantly evolve your prevention, detection, and response capabilities in response to the evolving threat landscape?
  • Does your organization have enough visibility and the capability to detect and alert in a matter of minutes to the presence of malicious activity?

Core Capabilities of Preparedness

Preparation is key to implementing an effective protection and response capability. Based on Mandiant’s experience responding to hundreds of security incidents, including the most critical headline-making breaches, organizations should focus on 6 essential capabilities: governance, communications, visibility, intelligence, response and metrics.

Governance

Does your security organization have the right people, and is it properly organized to respond effectively to security incidents? Are roles and responsibilities clearly defined and documented? Does your staff have the necessary skills, experience, and training? Having an adequately staffed, well-trained security organization is a key component for developing a mature security posture.

Communication

Formal and informal communication mechanisms allow effective knowledge transfer between internal staff, internal areas, relevant service providers, and external entities. A good communication plan not only allows rapid escalation and provides accurate and truthful information, but also ensures that information flows only to the appropriate people and organizations. For example, incorrect or incomplete information provided to the public or the press may cause a significant negative impact and could significantly damage brand and customer confidence.


Does your organization have incident response specialists? Do you have communications and legal experts as part of a communications plan? Are roles and responsibilities clearly defined? When was the last time you tested your incident response communications plan?

Visibility

Good visibility into your network activity is essential for detecting the activities of advanced attackers, much of which goes undetected by traditional security tools such as antivirus or a firewall. Monitoring everything is not feasible, nor is it recommended. Therefore, the organization’s ability to identify and monitor the critical assets and components involved in the processing, storage, and transmission of sensitive information is essential.

Having the capability to detect the presence of advanced persistent threats (APTs) with a minimum of false positives is critical to effectively analyze those alerts. Many organizations receive lots of noise from their SOC or SIEM tools, which negatively impacts visibility since the security team simply cannot analyze hundreds or thousands of alerts per day.

Intelligence

Most organizations prioritize intelligence to get familiar with the identity, motivations, tactics, techniques, and procedures (TTPs) of the attackers. Having good intelligence about attacker identities, motivations and TTPs is key to developing strong capabilities to prevent, detect and respond.

Response

When breaches occur, speed of response is critical to mitigating damage to the organization. Having a response plan developed is not enough; you need to test the plan on a regular basis. In addition, it is highly recommended that organizations have an incident response retainer in place with a cyber security consulting firm that specializes in responding to advanced attacks. A retainer allows a company to establish in advance the terms and conditions for providing services in the event of a suspected or confirmed breach. This can significantly reduce response time, and reduce the impact of the incident by responding to and containing it quickly.

Metrics

Companies should use effective cost-benefit metrics to monitor the health and effectiveness of incident response processes and how they contribute to the achievement of information security business goals and objectives. Continually assessing your effectiveness with metrics is an essential part of ensuring that your IR capabilities are being tested and maintained.

CONCLUSION

Organizations should look to evolve their approach to security from a compliance-based reactive program to a proactive, business risk-focused program with advanced threat protection. This will help to close the gap between the organization’s capabilities and the attacker's capabilities, reducing the risk of compromise.


Recommendations for evaluating and strengthening your organization’s security posture and becoming breach-ready include:


  • Engage an expert in incident response and advanced threat protection capabilities
  • Assess the organization's protection and security incident response capabilities in tools and personnel
  • Create a strategic and tactical roadmap with the prioritized recommendations to improve the maturity of the incident response practice
  • Implement the roadmap initiatives and ensure you have an incident response company under retainer as a safety net and to support your actions when it matters most.
