With each new day bringing a new story of data breaches and hacks, it is critical that companies consider how they will respond when they find themselves a target of an attack. From assembling a plan and a team in advance of a hack, to performing post-mortems after an incident has be addressed, businesses need to consider the full cycle of incident response.
An article in Security Boulevard details how any process should start with the assembly of a Cyber Security Incident Response Team (CSIRT), consisting of not only those with the technical skills to perform incident response, but also those with the authorization to make organization-wide decisions, like taking critical systems offline, if needed. Backups should also be identified for team members, to ensure a team won’t be left short-staffed in the event of holidays or departures from the company.
Once a team is assembled, members should perform a detailed review of company systems to determine critical systems and resources, to analyze the scenarios and types of attacks that are most likely to occur, and to prioritize the order of responses in the case of multiple events or incidents. The team should also work together to pool their knowledge as to the best approaches for responding to each type of event, while also establishing procedures for logging each event and the actions taken, to assist in determining effectiveness.
While having a well-trained CSIRT will have benefits in terms of minimizing downtime in the event of an incident or attack, it also offers significant legal benefits, through the demonstration of compliance with new regulations, like the European GDPR, which governs laws around data protection. By investing in your team in advance of an incident, risks to both productivity and finances can be minimized.
Source:
https://securityboulevard.com/2019/08/a-cyber-incident-response-plan-for-your-web-applications/
