
Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


Incident response: digital fire drills are the road to faster recovery

By Nick Pollard.

The cyber landscape has evolved dramatically over the past few years. Cyber criminals have become more skilled at evading detection and advanced threats are the order of the day. This means that cyber attacks can go unnoticed for days, weeks, even months, and in some cases, the breached organization is oblivious to this fact until a customer, partner, supplier or even law enforcement agency informs them.

The importance of incident response
According to a recent Gartner report on advanced security threats, targeted attacks are penetrating standard levels of security controls and technology alone will not solve the problem. The analyst house further advises that organizations need to focus on deploying incident response plans to mitigate the effects, as they will then be able to establish where the attacks have come from, and ensure rapid reaction and diligence in dealing with the threat.

As cyber criminals are able to extract data from a breached organization within a few minutes, the damage that can be done when a breach is left unnoticed and unattended over a period of weeks and months is unfathomable. The faster that digital forensics can be carried out, the better chance the organization has to identify the risk; triage, to determine which threats need immediate action and which can wait for analysis later; recover; and then take all necessary steps to make sure it doesn’t happen again.

When you’re under cyber attack
The fact is that any business can – and will – be breached at some point. In fact, most companies will be breached more than once. However, confusion often reigns as to who should respond, and how. In large organizations, where there may exist complex lines over who owns what assets and processes, such decisions are never easy. Determining who should respond to each incident when it’s already underway wastes valuable time. This approach does not exist in the physical world, so why should it in the digital world, where we are probably more vulnerable than we realise?

Practice your digital fire drills
With the increase of security incidents, organizations can practice regular ‘digital fire drills’, to be prepared for when the inevitable attack or breach does occur. With the hostile business environment today, it makes sense for organizations to focus on defending their environment with technologies such as firewalls, anti-virus, intrusion detection systems, and the many other defensive tools available. However, just as fire prevention isn’t only about safety awareness and better building codes – it’s also about smart response, fire alarms and a fully trained and equipped fire department at the ready – IT breach incident response should be the same way.

So although many organizations may think that they have robust security policies in place, how well drilled are they at responding to security incidents when these occur? When was the last time that these procedures were tested? Do employees from all departments know what to do, just as they would when the fire alarm goes off at 11am on a Tuesday morning?

The missing link
A fundamental part of incident response is to understand the abilities and limitations of the organization. Does it have the resources necessary to respond to outbreaks manually, or would network-enabled response help the team to save time and effort? Preparation needs to include having clear and up-to-date knowledge of where sensitive and regulated data is stored.

One of the problems is that, for too long, there has been a missing link between the systems that alert to an attack and the response tools. The missing link is the ability to rapidly triage, then uncover the genuine threats and discover their source, scope and threat to the endpoints on which they’ve been unleashed. This intelligence becomes vital information that can be used in minutes to fight the attackers early.

Practice makes perfect – the human element
The need for communications across various departments was highlighted recently when I was involved in a case where the company in question was convinced that they’d come under cyber attack. However, within a few moments of starting the investigation, we realised that in actual fact, it was just the IT department undertaking an upgrade – unbeknown to most of the organization, who immediately suspected the worst.

Although most firms across all sectors and industries believe they have robust security systems in place, the weakest link in the chain is often the employees. From clicking on a spoof email to downloading software on their PCs, where the IT department is not always involved, I cannot stress enough that organizations need to educate employees on an ongoing basis. By practicing regular digital fire drills, organizations and their employees will be empowered with knowledge and tools to limit the damage and ensure the organization is on the fast road to recovery.

Author
Nick Pollard is senior director, Professional Services EMEA & APAC, Guidance Software.

• Date: 11th April 2013 • World • Type: Article • Topic: BC testing & exercising
