When it Comes to IT Security, Incident Response is Key
As many well-known organizations learned the hard way this year, security breaches not only hurt the bottom line, they can severely damage your reputation. If customers feel they cannot trust a retailer like Target or Home Depot with their financial information, they simply won’t do business with them. It’s enough to put even the most successful company on the road to ruin. The problem is, breaches like this also happen on a much smaller scale, by the millions, each and every year.
Organizations of every shape, size and industry are vulnerable to hackers and would-be online thieves who seize on any opportunity they can find. So, how can businesses protect themselves from such a disaster? The answer lies in quality incident response.
What many companies mistakenly do is place all their trust in detection tools, such as anti-malware software. But, as the entire world learned following the Target debacle, this strategy isn’t foolproof. In fact, if you’re not handling incoming incidents the right way, you could be placing your business in the same position as the others that have traveled down this dangerous and costly path.
Simply put, when it comes to maintaining the integrity of your sensitive data, prevention is always the best approach. Of course, there is no way to achieve 100% protection. You can come close, however, by designing a complementary incident management strategy that marries prevention with sound IT security practices. This ensures that in those instances when attacks manage to slip through the security measures that are in place, the incident response process will serve as a second line of defense.
Tips for Setting Up Your Own Incident Response Team
- Choose the right personnel. This can include employees from within the organization who are at different levels and possess various skillsets. Generally speaking, most incident response teams are made up of workers with the following credentials:
  - System Administrators
  - Network Administrators
  - IT Managers
  - Software Developers
  - Security Architects
  - Disaster Recovery Specialists
  - Chief Technology Officers (CTOs)
- Maintain accurate logs of applications, networks and operating systems. These should be checked daily by network administrators to ensure that all software is logging properly. Use of log analysis programs is also recommended.
- Logs should be automatically backed up and stored not only locally, but also externally. This is essential to proper recording and analysis.
- Ensure that all incidents are documented, both for auditing and compliance purposes as well as for future enhancements to IT best practices.
- Use quality software products that can improve the process and visibility of incident ownership.
- Incorporate IT automation into the alert management process to improve prioritization, delivery and escalation of critical incidents.
- Establish a balance between reactive services (incident management and documentation) and proactive services (security audits, intrusion detection system maintenance, security strategy development, pre-incident analysis).
- Set and implement schedules for all proactive service activities.
- Enlist a third party to conduct penetration tests at least once a year.
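The two log-related tips above (a daily check that every source is still logging, and verification that the external backup copy is intact) can be scripted. The following is an added example written for this article, not code from the original post; the source names, the allowed gaps and the sample log line are all constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta

# Constructed inventory (hypothetical source names): the longest gap between
# writes tolerated before the daily check flags a source as possibly broken.
LOG_SOURCES = {
    "webserver": timedelta(hours=1),
    "firewall": timedelta(minutes=15),
    "domain_controller": timedelta(hours=6),
}

def stale_sources(last_written, now, sources=LOG_SOURCES):
    """Return sources whose newest entry is older than allowed; a source with
    no timestamp at all is reported too, since a log that silently stopped is
    exactly the failure this check exists to catch."""
    return [
        name for name, max_gap in sources.items()
        if last_written.get(name) is None or now - last_written[name] > max_gap
    ]

def sha256_file(path):
    """Hash a file in chunks so large logs need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def backup_matches(local_path, external_path):
    """True when the external copy is byte-identical to the local log."""
    return sha256_file(local_path) == sha256_file(external_path)

def daily_check_demo():
    """Run both checks on constructed sample data; returns (stale, backup_ok)."""
    now = datetime(2024, 1, 1, 12, 0, 0)
    # Constructed timestamps: the firewall has been quiet for 20 minutes and
    # the domain controller has not written at all.
    last_written = {
        "webserver": now - timedelta(minutes=30),
        "firewall": now - timedelta(minutes=20),
    }
    with tempfile.TemporaryDirectory() as d:
        local, external = f"{d}/local.log", f"{d}/external.log"
        sample = b"2024-01-01T11:30:00 sshd: accepted publickey for admin\n"
        for p in (local, external):
            with open(p, "wb") as f:
                f.write(sample)
        backup_ok = backup_matches(local, external)
    return stale_sources(last_written, now), backup_ok
```

In practice the timestamps would come from each log file's last-modified time or from the log collector's own metadata, and a non-empty stale list should itself raise an alert, since a quiet source is often the first sign of tampering or a failed agent.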
Additionally, the team tasked with handling incident response should be made up of the following subsets:
- Team Lead – member in charge of all incident management activities
- Incident Lead – member who reports directly to the Team Lead and coordinates all incident responses
- IT Contact – coordinates communications between the Incident Response Team and IT Department
- Legal Representative – member possessing experience in IT security policy and incident response tasked with mitigating risk of litigation
- Public Relations Officer – handles all communications regarding security incidents
Given the fact that cyber risks are at an all-time high, and with criminals learning newer, more sophisticated ways to hack, there has never been a more critical time for businesses to employ proper security measures. The most effective way to do so is by developing and implementing a quality incident response strategy. The tips highlighted above should provide a good foundation and help establish your organization in a much more secure position moving forward.