This week on our blog, we have a guest post from Edith Santos, who is Global Director, Incident Response at NTT Security.
In today’s digital age, cyber attacks and data breaches are becoming the norm, to the point where people and businesses have become desensitized to hearing of such attacks. Only when they have fallen victim do they begin to scramble to get their organizations back into operational order.
Are you prepared, and do you really understand the implications of a breach? Consequences of a data breach include loss of revenue, cost to recover and loss of reputation. Our Risk:Value Report shows that the estimated cost of recovery has increased to $1.52m per data breach and anticipates it would take 57 days to recover from the breach. All this negatively affects an organization’s reputation.
Do you have an incident response team in place? If you do, is your incident response team ready to respond? A strong incident response team must be able to address any type of scenario, such as a phishing attack, malware outbreak, ransomware, business email compromise, DDoS attack, insider theft, data exfiltration and other scenarios. Everyone on the team must understand what their role is and how to execute it.
In addition to the technical team members, an effective IR team should also include members from regulatory compliance, legal, HR, public relations, and executive leadership. A member of the legal team can assist with navigating loss of data that may result in legal proceedings, while a regulatory compliance member can help with reporting timelines and possible repercussions of not reporting in time. An HR member can help draft policies and procedures and properly remove employees engaged in unauthorized or illegal activities, such as data exfiltration. A public relations team member can help address press inquiries and prepare statements and guidelines for disclosing information.
How often does your incident response team practice for an incident? Digital forensics and incident response are disciplines, not talents. People aren’t born with the talent to respond to cyber security incidents or carve files from unallocated space. It is a discipline that takes training and continuous practice to keep pace with evolving technology and new methods used by attackers. Let’s put this into perspective: every school in the United States must have a mock fire drill at least once a year, and other schools have more than one depending on state laws.
Even though every teacher and student must practice at least once a year for a mock fire drill, when was the last time you heard of a school fire? Yet all schools in the USA, even those which have fire-extinguishing systems, must conduct annual mock fire drills. The same applies to your incident response team. Simply because a security infrastructure is in place and there hasn’t been an incident in years does not mean the IR team stops practicing. Every time they practice, something new is learned and response time improves. Does the incident response team comprehend when, why and how to collect evidence? What type of evidence is available and where do they acquire it from? How and where is evidence preserved, and how long should it be preserved in case of a future legal proceeding? These are some basic questions organizations should address before falling victim to a cyberattack or breach.
It is due diligence and preparation that will put an organization in a much better position with customers, with regulators, and in a courtroom than those that do not prepare at all. Regardless of all the security put into place, there is nowadays a high probability of falling victim to a cyberattack, as many before you have, and you will be judged not by the fact that you were breached but by how well you responded. Do not become desensitized; learn and practice to respond.