In the first of this two-part series, Olivier Spielmann VP of managed security services EMEA at Kudelski Security discussed the factors that drive the need for a more comprehensive approach to Incident Response. The question of how to prevent cybersecurity attacks is never straightforward, but as cyber security attacks increase – especially over the festive period – there are five things that every security leader can do to improve their incident response capabilities and limit the impact of a breach.
Generally speaking, many of the same technologies and capabilities that contribute to a strong and mature cybersecurity posture also improve your ability to conduct rapid and effective incident response. As shown in the previous blog post, the overlap between the best ransomware prevention strategies and cybersecurity hygiene is significant.
Training your teams to follow well thought-out incident response plans — even when under immense pressure — is essential. So is the ability to detect incidents rapidly with 24/7 security monitoring and proactive threat hunting.
It’s also vital to involve senior management and the board in incident response planning since the business implications of a large-scale crisis are extensive.
Beyond this, we have five specific pieces of advice.
Contents
#1: Take a proactive, holistic approach to incident response.
We’ve mentioned this already, but it bears repeating. A proactive approach to incident response involves a broad array of cybersecurity functions and capabilities, including but not limited to:
- readiness assessments,
- ongoing security monitoring,
- vulnerability management,
- threat intelligence,
- red teaming training,
- and program remediation.
It’s essential to assess and strive to improve your security operations in their entirety.
#2: Continually assess and improve your security capabilities.
In a world of rapidly evolving technologies and even faster-evolving threats, change is the only constant. The only way your security program can hope to keep pace with these developments is to perform ongoing self-assessment and strive for continuous improvement.
#3: Be ready to respond to current real-world threats.
The threat landscape and latest attack tactics are changing on a daily basis. Infusing current, high-fidelity threat intelligence that’s relevant to your organization’s size, industry and unique risk models into your incident response planning can help you prioritize effectively.
#4: Create immutable backup strategies.
In the past, backup solutions were often designed to make it as quick and convenient as possible to restore data. Ransomware operators now try to take advantage of that capability – for easy, speedy restores – and leverage it to encrypt or destroy backups. What’s needed today are immutable backups that even users with administrative credentials cannot delete.
#5: Understand the challenges that come with moving the cloud.
Making use of containers, Kubernetes and microservices-driven architectures can introduce new efficiencies and greater flexibility into your operations. However, if your team hasn’t been trained on how to manage your new cloud environment securely, you’re likely to increase your risk exposure. The move to the cloud will require new approaches to secure identities, data, and applications as well as new backup strategies, and a new understanding of configuration management.
Get in Touch
A solid approach to incident response can take time to get right. It includes a wide range of activity from risk exposure limitation and good governance, to continuously improving technical infrastructure and security controls.
Here at Kudelski Security, our Cyber Fusion Centers (CFCs) have helped more than 250 organizations manage serious incidents over the past year and helped hundreds more get better prepared. This means we’re managing major incidents on an almost daily basis, and we’ve gathered extensive experience along the way. If you’re interested in leveraging our incident response and preparedness services, get in touch with our team here.