Fundamentals of Security Incident Response - Beyond a Pandemic
The rapidly expanding remote workforce introduces new challenges when it comes to identifying your organization’s vulnerabilities and responding quickly. However, the fundamentals remain the same – identify, protect, detect, respond, and recover.
COVID-19 presents more challenges in the race against cybercriminals to protect your information security. In a recent article by Aruba Networks, cybersecurity experts were interviewed about the challenges a remote workforce creates for organizations, how to respond to cyberthreats, and how the threats themselves are changing.
“The ongoing COVID-19 pandemic makes it more difficult to respond to a threat in progress. Being proactive is crucial, and the best time to update your strategy to reflect a shelter-in-place workforce is the same for every business, large or small: yesterday,” says Curt Hopkins, Aruba reporter.
The Cost of a Data Breach
Data breach impacts vary greatly between organizations depending on factors such as industry, size, and geographic location; however, the average global cost is reported to be $3.86 million USD. This number is alarming for any company, but particularly grim for small to mid-sized businesses, especially considering that the majority of attacks target the SMB market and 60% of those compromised fold within 6 months of an attack.
Ransomware can block you from vital resources and data, though the response approach varies depending on what has been compromised and what the criminal has corrupted. For example, a ransomware attack on a workstation is easily resolved by rebuilding the machine, causing minimal downtime. On the other hand, if a data center is compromised, the results can be disastrous. Many businesses are willing to pay out ludicrous sums in cryptocurrency to cybercriminals because the potential loss is so considerable.
“Even if you can find a way to pay, can afford to pay, and have a trustworthy enough criminal… it still doesn’t mean you’re going to survive the attack,” says Drew Simonis, deputy chief information security officer at HPE. Even if you pay a ransom, repairing the damage from a ransomware attack with security keys provided by a criminal can still mean months of downtime. How much lost productivity can your organization survive? “For a large company, it may be sustainable,” says Simonis. “For a small company? That could put them out of business.”
Construct a Cybersecurity Focus
An organization can face countless types of cybersecurity attacks. The National Institute of Standards and Technology’s (NIST) cybersecurity framework is a one-size-fits-all method: identify, protect, detect, respond, and recover. It is a step-by-step process for assessing vulnerable systems, removing those vulnerabilities, paying immediate attention to the damage when an incident does occur, countering the breach and resuming operations, and, most importantly, eliminating that weak spot.
Responses are difficult when it comes to remote workforces. Although the fundamentals are the same, COVID-19 has created many more opportunities for cybercriminals to attack organizations. In April 2020, the World Health Organization reported dealing with five times more cyberattacks than usual.
Google’s Threat Analysis Group warns that phishing attacks directed at the general public are masquerading as government services. “In a post-pandemic world, it’s [still] going to be email and communication boards, social engineering attacks … they’re going to have a much better uptake rate.” COVID-19-related attacks—like phishing attempts disguised as COVID test results—are particularly dangerous. “We all have a more porous social engineering filter than we had before,” the group says.
“What you have to be able to deal with is an environment in which you can’t trust messaging that originates from outside your organization. Any time someone from the outside asks you to do something, you should be suspicious,” says HPE’s Simonis. He suggests verifying unusual requests as much as possible—even if it means making a phone call.
Eradicating human vulnerabilities includes building systems that are prepared for the inevitability that people are going to eventually slip up and make mistakes. “Assume all of those procedures are going to fail,” says Thompson. “No matter how many times you train somebody not to click on something, they’re going to do it anyway.” The key is to put tools in place that pick up where people fail, such as identifying anonymous logins, even if a user’s credentials check out.
Action you can take today
To develop a sophisticated response plan, you will need more than conscientious backups. “Almost all ransomware waits three days to get through two or three backup cycles before they actually ask for the money,” says Gary Campbell, security chief technology officer at HPE. And your backups may not be enough to prevent potentially lethal damage. “In the data center, it takes six days to re-image a server typically—assuming the backups are good,” he says. If you have thousands of servers, the cost and downtime associated with rolling back may be worse than paying the ransom.
Devising an effective incident response plan is an uphill struggle for organizations of any scale. A tabletop exercise is one of the best ways to prepare, and it’s something any business can do. These exercises simulate a breach on paper and put your team’s training and decision-making to the test. “Go through the process and see where your capability gaps are because you’re going to need to supplement those with third parties,” explains Simonis.
According to Simonis, just about everyone has a plan—but being able to put it into play is another story entirely. “People don’t drill their plans. They don’t practice their plans in a serious kind of way,” he says. “[What is] more common than not having a plan [is] having a plan that is very dusty and doesn’t actually work.”
Knowing what to do when your plan is tested—and knowing what to do when your plan fails—is just as important as having one in the first place, Simonis says, citing boxer Mike Tyson’s famous quote, “Everyone has a plan until you get punched in the mouth.”
In the face of rapidly growing cyber threats, all organizations need an effective ongoing cybersecurity program. Every day, organizations of all sizes fall victim to viruses and ransomware infections that steal data and demand money, with no real promise of ever giving it back, or suffer financial loss through fake requests for payment.
One-time cybersecurity projects like installing anti-virus software or setting up firewalls are important, but they only protect one piece of the large puzzle. A robust cybersecurity response program that can protect your organization from ongoing threats should answer these three central questions:
How secure is our organization today?
What is the appropriate level of cybersecurity for our organization?
How can we improve cybersecurity practices to meet business objectives?