The other day I met with an executive whose company had recently been hacked. He looked me in the eye and said, “It’s like I paid someone to punch me in the face… Repeatedly!” Getting breached is a huge pain that costs a lot of money, productivity and time, and your reputation can suffer as well. The simple fact that there was nearly an 80% increase in data breaches in 2012 means that it is now more important than ever to have an Incident Response Plan in place.
It is no longer a matter of “if” your business will be compromised, but “when”.
The worst time to realize that you are not prepared for a security incident is when a breach occurs. For the record, getting hacked is defined as an incident, an IT anomaly that requires further investigation. How you handle it is your response. The term “Incident Response” refers to the method of contending with a breach.
The old Boy Scout motto “Be Prepared” could not be more applicable when it comes to incident response and readiness. The list of threat agents attempting to get into your network includes cyber criminals, hackers, terrorists and even disgruntled employees. They are organized, persistent and effective, and they wait patiently to strike. Once your organization has been breached, they target financial records, customer data and intellectual property, and some go as far as shredding your organization.
More specifically, incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
Preparation, identification, containment, eradication, recovery, and follow-up
According to the SANS Institute, computer security incident handling can be divided into six phases: preparation, identification, containment, eradication, recovery, and follow-up. Understanding these stages, and what can go wrong in each, helps you respond more methodically and avoid duplication of effort.
An organization’s incident response is conducted by the computer incident response team, a carefully selected group that, in addition to security and general IT staff, may include representatives from legal, human resources, and public relations departments.
Without a comprehensive, integrated Incident Response Plan, decisions are made ad hoc and the probability of taking the wrong action is high, putting the organization at risk, including the risk of delayed containment and resolution.
So you’ve been hacked… be sure to follow your organization’s incident response plan, and if you don’t have one, get prepared now!