What is Incident Response Management

Incident Response Management is an organised strategy for addressing and managing the aftereffects of a security breach or cyber-attack, also known as an incident involving IT, computer incident or security. The purpose is to control the situation in a way that limits harm and reduces the time and cost of recovery.

The threat of cyberattacks are looming above all organisations. There are multiple causes that can result in things going wrong – besides cyberattack, a technical misconfiguration or even a human error can cause a problem. This means every organisation should take extra care to protect their IT and operate in such a way that if anything happens, they should be able to deal with it.

An Incident response plan gives you clarity on how to effectively handle a cyber-attack, whether it is a malware, ransomware, or a DDoS attack, which are common attacks targeted at businesses or celebrities. An example of a Recent attack is the REvil Ransomware attack on the high profile law firm, used by Lady Gaga, Drake & Madonna. No one is immune, which is why regular assessment of incidents is important. Of course, companies have to make sure that at least one of their backups is offline.

The organisation should be constantly checking on what can go wrong and how to deal with it, because the response to any incident matters a great deal. In fact, that could be the difference between a minor error and a major disaster. That is a reason that fire drills are practiced. 7 Ps – which is a British Army adage for Proper Planning and Preparation Prevents Piss Poor Performance – also explains the importance of Incident Response Management.

Time is The Key

Timely response is the key to detect any vulnerability. The longer it takes to detect an issue, the more chances for a serious incident. For e.g. there may be an unpatched system or anti-malware software in your infrastructure which is not updated, Cyber criminals are waiting to exploit such loopholes.

There may be chances that the organisation discovers the breach not in days but in weeks or months – generally brought to notice by the auditor. As per one study, it takes around 175 days to identify a breach – and Ponemon’s Report estimates the global average cost of data breach to be in the range of $3.92 million.

If the organisation wants to stay in control of the situation, then Incident response management is vital. It allows the company to take the necessary actions in time and avoids any disruptions.

Cyber Security Laws & Regulations

1) GDPR (General Data Protection Regulation) –

The GDPR states that all organizations must have technical and organizational measures to ensure of a higher level of information security. Incident response plan should be implemented to refrain any damages when it comes to data breach and to prevent further incidents or breaches from happening again.

Also, when it comes to a personal data breach, the cyber victim must report without further delay and not later than 72hours after discovering the breach.

2) Networks & Information Systems (NIS) Directive –

Networks and Information Systems (NIS) a legislation which has a wide range of network and information security needs across EU member states to augment IT security. This NIS directive focuses on various elements such as Incident Response, but their prime focus is on Breach notification requirements.

As per the GDPR and the NIS Regulations, Incident Response Management is a compulsory requirement. If any organization isn’t following those response measures, then it constitutes in brand loss and also leading to heavy fines, i.e. 4% of global turnover or around £17.6 mil.

The Incident Response Management Process

Teceze approach for incident response is based on ISO 27001, International Standard for Information Security. This is further broken down to ISO 27035 which defines the guidelines for incident management.

1. Identification

Risk Assessment is the first step which is conducted by connecting at a mirror port which gives a status report after having been run in the network for several week. Based on the score of the assessment, threats can be taken care of step by step.

2. Reviewing the Latest Version

Checking whether the existing systems like the antivirus are patched, as per the latest versions. Setting periodic updates, and also assessing the physical security such as CCTV is very important. Reviewing the existing infrastructure and completing the documentation.

3. Estimating Time Involved in Resolving an Issue

This is an important process that defines priorities based on the score level and how much time will it take to recover after an incident.

This process will also help in understanding, how quickly each incident can be resolved and will help in knowing the recovery time for each activity

4. Testing Scenarios

Organisations must test different scenarios as per the standard checklist. Testing these steps has to be done every quarter, half yearly or annually. Doing this periodically will ensure that, the steps remain effective and that they are documented. Testing also enables the team to respond as efficiently as possible.

5. Conducting Training

Technical misconfiguration or Human error are the major reasons for the majority of security incidents.

Training plays an important role in creating the awareness among the staff to avoid mistakes.

The Incident response Management team should receive additional training on their role, related to incident notification, reporting and scenario testing.

6. Continuous Improvement in the Process

Like other processes, incident response processes should be regularly reviewed to consider emerging threats, where the current process needs to be updated to handle it effectively.

Needless to say, the steps outlined here should be repeated on half-yearly or annually basis or in case, there is any major change in the organisation.

Are You Experiencing a Cyber Security Incident?

We have an experienced and certified team to pick up things quickly and help you respond effectively. No matter what the problem is, we can most probably help you to address the situation by optimising your existing infrastructure and provide the support, wherever required. Thus, based on the above-mentioned steps, we can help you in improving the security posture of your organisation.

Incident response is vital to every organisation. Teceze is helping its clients to proactively build resilience and help in creating a good security posture by enhancing their existing capability. This is done by monitoring solutions, training, internal security analysis and last but not the least – support from our incident response team.

Finally, Our SOC is a one stop shop for managing cybersecurity related incidents by identifying, investigating, remediating & more importantly reporting. Do contact us to learn more about our services!

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.

Incident response Management is the methodology an organization uses to respond to and manage a cyberattack or a data breach.