[BreachExchange] Five steps to effectively manage a cyber-attack
Audrey McNeil
audrey at riskbasedsecurity.com
Wed Aug 24 17:51:53 EDT 2016
http://www.freshbusinessthinking.com/five-steps-to-effectively-manage-a-cyber-attack/
Given the rising frequency of increasingly malicious and innovative
cyber-attacks, organisations have to be prepared and proactive. It is no
longer a question of ‘if’ but ‘when’ your organisation will have to deal
with a cyber-attack. The cost of a cyber security breach is significant, in
terms of money, business disruption and reputation. Depending on the
magnitude of the attack, a cyber incident can potentially put you out of
business.
According to UK government research, two-thirds of UK big businesses have
been hit by a cyber attack in the past year. UK telecoms group Talk Talk
suffered a high-profile attack in October 2015 when hackers stole personal
data from customers. According to Talk Talk, the cyber attack it suffered
wiped £15 million off trading revenue as well as forcing it to book
exceptional costs of £40m – £45m, and cost it up to 101,000 customers.
The best course of action for a business that is attacked is a swift and
effective response. A cyber security strategy with efficient incident
response (IR) capabilities, coupled with customer engagement initiatives,
helps limit the damage and ensures that the business is back up and running
as soon as possible. It’s also important to reach out and engage with
customers after the incident to regain their confidence.
An effective IR strategy navigates the following five phases:
Identify
Information on events is collected from various sources such as intrusion
detection systems and firewalls, and evaluated to identify deviations from
the normal. Deviations are then analysed to check if they are sufficiently
significant to be termed an event. The use of automation tools ensures
swift detection and eliminates delays in moving to the next phase,
containment. Once a deviation is identified as a security incident, the IR
team is immediately notified to allow them to determine its scope, gather
and document evidence, and estimate impact on operations. Businesses can
bolster this process by incorporating an effective security information and
event management (SIEM) system into their overall cyber security strategy.
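The identify phase described above, written out as an added example (not code from the article): a baseline of firewall DENY counts per source, a check for sufficiently large deviations from that baseline, and an incident record carrying the scope and evidence the IR team needs when notified. The log format, hosts and thresholds are constructed for this example.

```python
import re
from collections import Counter

# Firewall log format assumed here (constructed for this example, not the article's).
LINE_RE = re.compile(r"^(?P<ts>\S+) fw (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed sample data: a quiet baseline window, then an observation window
# in which one workstation starts sweeping the server subnet on SMB (445).
BASELINE_LOG = [
    "2016-08-24T09:00:01 fw DENY src=10.0.0.5 dst=10.0.1.20 dport=445",
    "2016-08-24T09:05:10 fw ALLOW src=10.0.0.5 dst=10.0.1.21 dport=443",
    "2016-08-24T09:10:30 fw DENY src=10.0.0.5 dst=10.0.1.22 dport=445",
    "2016-08-24T09:20:00 fw DENY src=10.0.0.7 dst=10.0.1.20 dport=23",
    "2016-08-24T09:40:00 fw ALLOW src=10.0.0.9 dst=10.0.1.30 dport=80",
]
WINDOW_LOG = [
    "2016-08-24T10:00:01 fw DENY src=10.0.0.5 dst=10.0.1.20 dport=445",
    "2016-08-24T10:02:00 fw DENY src=10.0.0.5 dst=10.0.1.22 dport=445",
    "2016-08-24T10:03:00 fw ALLOW src=10.0.0.7 dst=10.0.1.21 dport=443",
] + [f"2016-08-24T10:05:{i:02d} fw DENY src=10.0.0.9 dst=10.0.1.{100 + i} dport=445"
     for i in range(12)]

def parse(lines):
    # Lines that do not match the expected format are skipped, not guessed at.
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]

def deny_counts(events):
    return Counter(e["src"] for e in events if e["action"] == "DENY")

def find_incidents(baseline_lines, window_lines, ratio=5.0, min_denies=10):
    """Flag sources whose DENY volume is `ratio` times their baseline or more,
    with a floor of `min_denies` so a single stray packet never fires. Each
    record carries the scope and evidence the IR team needs when notified."""
    base = deny_counts(parse(baseline_lines))
    events = parse(window_lines)
    incidents = []
    for src, n in deny_counts(events).items():
        expected = base.get(src, 0)
        if n >= min_denies and n / (expected + 1) >= ratio:  # +1: unseen sources
            evidence = [e for e in events if e["src"] == src and e["action"] == "DENY"]
            incidents.append({
                "source": src, "denies": n, "expected": expected,
                "scope": sorted({e["dst"] for e in evidence}),   # hosts touched
                "ports": sorted({int(e["dport"]) for e in evidence}),
                "evidence": evidence,                            # raw records
            })
    return incidents
```

Running `find_incidents(BASELINE_LOG, WINDOW_LOG)` flags only 10.0.0.9; the workstation whose two daily SMB denies match its baseline is left alone.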
Contain
Once a security event is detected and confirmed, it is essential to
restrict damage by preventing its spread to other computer systems.
Preventing the spread of malware involves isolating the affected systems
and rerouting traffic to alternative servers, so that the malware cannot
reach other systems across the organisation.
Eliminate
This step focuses on the removal of the malware from the affected systems.
IR teams then conduct an analysis to find out the cause of the attack,
perform a detailed vulnerability assessment, and initiate action to address
the vulnerabilities discovered to avert a repeat attack. A thorough scan of
affected systems to eradicate latent malware is key to preventing a
recurrence.
Restore
In the restoration stage, affected systems are brought back into action.
While bringing the affected systems back into the production environment,
adequate care should be taken to ensure that another incident does not
occur. Once these systems are up and running, they are monitored to
identify any deviations. The main objective is to ensure that the
deficiency or vulnerability behind the incident just resolved does not
cause a repeat incident.
Investigate
This is the last step and entails a thorough investigation of the attack to
learn from the incident and initiate remedial measures to prevent the
recurrence of a similar attack. IR teams also undertake an analysis of the
response to identify areas for improvement.
Protect your organisation from attack
What enterprises need now are effective cyber security solutions to
monitor and provide real-time visibility on a myriad of business
applications, systems, networks and databases. There has been an increasing
realisation that basic protection tools for important corporate information
are no longer sufficient to protect against new advanced threats.
Furthermore, enterprises are under tremendous pressure to collect, review
and store logs in a manner that complies with government and industry
regulations.
Countering focused and targeted attacks requires a focused cyber security
strategy. Organisations need to take a proactive approach to ensure that
they stay secure in cyber space and adopt a robust cyber security strategy.