8 steps to respond to security incidents
You can't avoid security attacks, but you can prepare for them. When you have plans and processes in place, responding to the incidents is faster and more effective.
Let’s face it. It’s highly likely that your organization will – sooner or later – be attacked.
This is a fact you can’t avoid: Viruses and hackers will come knocking on your virtual door. When the worst thing happens and you detect a breach, it’s time for incident management.
Here are my guidelines to succeed in responding to security breaches.
1. Be the not-so-hasty boy scout
You don’t need to get cynical about the general growth of incidents, but being oblivious of them will cost you. Hope doesn’t work very well in security.
Being prepared is the way to go about it and avoid a lot of hassle – both in mgmt and in execution process.
2. Ensure you have a process in place
When stuff hits the fan, time is money. If you detect something fishy in your network and data systems, you need to have a clear procedure in mind and action plan ready.
This includes both technical maneuvers as well as internal and external communications. You also need authority: even the best plan does not help if you can’t execute it.
3. Choose optimized monitoring tools
Ensure that you are able to find the malware or breaches as soon as possible. The longer incidents stay undetected, the more harm they will do. This is where you will need to implement quite a few technical systems too...
4. Find out the full status
Find answers to questions such as what happened, when, what were they after, were they successful, how our business was impacted, what do we do next etc. Good old fishbone.
Remember to report incidents to keep management and business partners informed.
5. Safeguard evidence
Usually it’s important not to alert the bad guys that they've been spotted. This helps in finding out what has happened and gathering evidence for future refund claims.
6. Contact authorities
Contact authorities if there is criminal activity. As the new General Data Protection Regulation is put into effect this must be done for breaches after activation for the citizens’ data.
7. Learn from it
There are different incidents, big and small. While you should prepare your organization for big breaches, the smaller attacks are the most important learning points. They give you a valuable opportunity to fine-tune and improve your security infrastructure.
8. Train your staff
Learning by doing is not the best strategy for security issues. As we pointed out earlier, your whole staff needs to be aware and have up-to-date skills on security.
Reading about swimming does not make you a swimmer, and the same applies to security. So practice with security audits.
That’s it! Organizations don’t need to do this all by themselves. The most suitable option is to have the best security partners and response teams at hand.
If you want to talk more about our ecosystem, we are here.