Accelerating Your Incident Response Plan
Not Having a Plan When a Cyber-Attack Occurs Can Cost You Millions
By: Jeff Multz
You will be hacked. It’s not about if it will happen but when. How fast you can recognize and remediate an information security breach will determine the impact it will have on your finances and reputation. If you don’t have an incident response plan when it occurs, you are headed for trouble.
Your Information Security Network isn’t foolproof
No network is impenetrable, and there’s no such thing as a zero-defect network. Advanced persistent threat (APT) actors probe and probe until they get inside your network, and when they do, you’d better be prepared to get them out lickety-split! You should know in advance who is going to remediate the information security breach, what their qualifications are for doing so and how those qualifications make them valuable. Beware: not all “remediation experts” are true experts.
More time equals more money for Cyber Attackers
When your network security has been compromised, you need to get the cyber attackers out as quickly as possible. The longer they stay in your network, the more time they have to steal your trade secrets, customer contact information, money, financial information and other private data.
Without including catastrophic or mega data security breaches, the average cost of a data breach per compromised record in the U.S. is $188, according to Ponemon Institute’s 2013 Cost of Data Breach study. The average total cost to an organization in the U.S. is more than $5.4 million. The best way to lower the total cost is by getting the cyber attackers out of your network as quickly as possible.
Incident Response should be left to Information Security Experts
Remediation should be fast and thorough. If your Incident Response (IR) team neglects to remove all of the malware and close all the “back doors,” the secret entryways attackers created to re-enter your network, the cyber attackers will still have access to your network.
Whenever you have the slightest suspicion your network has been breached, contact an organization that specializes in Incident Response. Attackers reside unseen in networks for months or more before being discovered. According to the Verizon Business Data Breach Investigations Report, 52 percent of breaches at large enterprises and 23 percent at small enterprises were first noticed by unrelated third parties, and almost all of those were cases of espionage, not related parties. Remediation should be left to information security experts who handle remediation every day, not to “security professionals” who are generalists. Generalists don’t have the knowledge and information needed to quickly remediate breaches. The majority of Verizon’s respondents said their organizations didn’t have the tools, personnel and funding to prevent, quickly detect and contain data breaches.
How Dell SecureWorks Incident Response can help your Organization
To remediate a breach, your incident responders should work with a team that has a global view of the threat landscape. That team should be familiar with the tactics, techniques and procedures attackers use, including the types of malware they use, the places inside networks they normally hide malware, and the places they are likely to have created backdoors. This insight helps your responders find all the malware and close all the back doors far quicker than they otherwise would be able to.
At Dell SecureWorks, we monitor cyber attackers via their attacks on our 3,500+ managed security services provider (MSSP) customers around the world, their actions in cyber underground websites, and their activities we learn about from private resources around the world.
In the Dell SecureWorks integrated MSSP-IR model, cyber security researchers and incident responders pass intelligence back and forth, allowing our IR team to expedite remediation and researchers to reverse engineer the latest malware to create countermeasures for customers.
If your network gets breached and you have a Dell SecureWorks incident response management retainer, you can have an IR team that is already familiar with your network on site within 24 hours. Not only can a retainer shorten the resolution time from days to minutes, it can prevent you from wasting time deciding on who will handle the breach.
If Dell SecureWorks is your MSSP, there’s a good chance your organization will not experience any major issues or concerns related to a potential incident. With our IR retainers, you’ll be allowed to use your unused retainer hours toward other services when you don’t suffer a breach. You may not suffer from a breach this year or next year, but one day, you likely will.