[BreachExchange] Protecting Your Organization with Automated Cyber Security Incident Response

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 28 18:46:18 EDT 2016


http://www.tmcnet.com/sectors/security/articles/423523-protecting-organization-with-automated-cyber-security-incident-response.htm

Recent news reports about massive data breaches have, unfortunately, quickly
become commonplace. Now, the conversation has increasingly turned to
ransomware. If you’re not yet familiar with ransomware, it is the latest
method cyber criminals are using to infiltrate the computer systems of
unsuspecting victims and demand payment in return for data and files. It
is, for all intents and purposes, electronic, anonymous extortion and it’s
taking the cyber-world by storm. Furthermore, it’s not just individuals
that are being targeted; corporations and organizations of all sizes
are at risk as well.

The recent high profile attacks on healthcare organizations and the latest
warnings of new strains of ransomware make us wonder, where will this end?
Unfortunately, the ever-evolving threat landscape promises that this will
certainly not be the last of it, especially as we see extortionware rapidly
gaining more notoriety.

So the question becomes, what can organizations do to better prepare for
and protect against these potentially devastating threats?  Even those that
feel they have made great strides in this area by implementing several data
security tools are still struggling to cut through the noise and achieve
true security.

Organizations of every shape, size and industry must be vigilant about
understanding the current risks and take the appropriate steps to protect
themselves and their critical information.

What’s the real risk of ransomware?

Just about everyone in the IT realm has reluctantly become familiar with
traditional cyber-attacks in the form of malware, but ransomware has upped
the ante by providing a faster, more effective way for intelligent hackers
to get rich at the expense of others. The monetary costs associated with
the ransom, however, are the least of the problem. It’s the fact that in
the process, these criminals are gaining access to sensitive data – data
which, if used maliciously, can very well impact the ongoing success of the
business as a whole.

What can be done?

The problem with ransomware, as with its older brother malware, is that
it’s not only effective, but it’s incredibly persistent. Many individuals
and businesses alike that believed they were adequately protected have
fallen victim simply because the security measures they had in place were
not up to the challenge of the relentless attempts by the enemy.

When considering how to improve your ability to protect your data,
detecting threats quickly and effectively is a perfect place to start.  A
strong Incident Response process could save you from serious trouble,
because even a short amount of time after compromise and before response
can be devastating.  And while in many cases good initial steps are taken
to detect incoming threats, limited staffing and an incomplete process can
mean that incidents can easily slip through the cracks.

The good news is there are ways to fortify the cyber security incident
response process without having to hire additional personnel.  There are
new technologies emerging today that automate Incident Response, so that
systems are always being monitored, events are immediately identified and
valuable, enriched data is provided – all leading to a faster response and
minimized damage.

Automated Incident Response is designed to be closed-loop, leaving no
holes, so that it can handle the onslaught of attacks. The right automation
tool will integrate seamlessly with existing event monitoring systems. The
moment an attack occurs, not only is it instantly detected, but the
incident is then automatically assessed, verified and prioritized. From
there, the appropriate action can then be taken, whether it’s the
triggering of an automated workflow to address and defend against the
threat electronically or the alert and escalation to the appropriate human
decision maker for further input.

Essentially, automation is like a bridge that connects and coordinates the
entire incident response process to make it stronger and more effective. It
also helps to address the problem of increased persistence of attacks. With
automation, there is no need to worry about staffing issues as it provides
round-the-clock protection. This ensures that no incident, no matter how
seemingly insignificant, is allowed to slip through the cracks undetected.

Everyone is at risk…

Think all of this won’t affect your organization? Think again. In fact,
according to Gartner, by the year 2019, 40 percent of large
enterprises will not only benefit from, but will actually require the
implementation of specialized, automated tools in order to meet regulatory
obligations in the event of a serious information security incident.

In other words, nobody is safe. The best way to protect your business is to
take a defensive stance and proactive measures that include incorporating
automation as an integral component of the cyber security incident response
process. Only by adopting this strategy can you truly protect your precious
data as well as your well-earned reputation.