Normally, it takes around six months for an organization to realize that its systems are infected with malware or that a data breach has occurred. That window gives attackers ample time to move around and extract the maximum value from the compromise, so the organization is unlikely to have enough time in hand to mitigate the incident quickly. It is therefore always a good initiative for the organization to have best practices in place to keep its infrastructure safe.
The foundation of cybersecurity best practice is being able to respond to an incident in a way that meets all of the needs of compliance, business operations, and threat mitigation. Every business operation is a lifeline for the company and needs constant attention.
Pravin Kothari, CEO of CipherCloud, says: “Your security operations center team must continually strive to reduce this number. Anything measured in days, let alone weeks or months, is unacceptable as this allows the attackers to exfiltrate data.”
What Kind of Incident Matters
Daniel Norman, a research analyst at the Information Security Forum, emphasizes that the response depends entirely on the kind of cyber incident you are dealing with. Threat events may fall anywhere on the spectrum of cyber attacks, from a simple malware infection to a highly targeted, sophisticated “multi-pronged attack” that could jeopardize your systems. He stresses that organizations should prepare accordingly.
Plan Ahead
Once you are aware of what type of cyber attack you are dealing with, you will be able to hit the ground running. Luckily, most formal incident response frameworks from groups such as SANS or NIST provide an outline of six phases that must be addressed when dealing with any type of security incident, noted Nathan Wenzler, senior director of cybersecurity at Moss Adams. Those phases are:
- Preparation
- Discovery
- Containment
- Remedy
- Recovery
Compliance is Important
Organizations worry about breaches and the related issues of compliance, harm to reputation, and ultimately the impact on revenue.
Cybersecurity experts focus more on the technical aspects of the attack, from beginning to end. Compliance is important to them, but only insofar as it affects basic requirements.
Hopefully, with best practices and response plans in place, the time it takes to detect and respond to an incident will be reduced significantly, and any likely serious damage can be prevented.