decrypting myths

Five key factors for a robust incident response process

In the modern world, it’s agreed that it’s a case of ‘when’ cyberattackers come knocking, rather than ‘if’. So it’s crucial that CISOs and their teams have a robust procedure in place for when the worst happens. Amir Kanaan, Managing Director for META region at Kaspersky, details the key factors CISOs should consider when building an incident response process.

As attacks become more sophisticated and frequent, 83% of CISOs agree that cyberincidents within their companies are inevitable. So it comes as no surprise that the majority (76%) believe the speed and quality of incident response (IR) are the most important factors when measuring their performance.

This means that heads of IT security departments are now focused not only on preventing attacks, but on identifying issues in time to minimise the damage.

IR is often misunderstood as jumping into the remediation phase when an incident happens. However, the IR process starts even before an attack has occurred and isn’t over when it stops. In general, IR consists of four stages. The first is preparation to ensure all responsible employees know how to act upon attack. The second phase involves incident detection. Next, an IR team should eliminate the attack and recover any affected systems. After an issue is resolved, the IR strategy should be reviewed based on this experience, to mitigate similar cases happening again.

While having IR as a process is a necessity, CISOs still face the dilemma of organising it.

There are five factors IT security leaders should consider when choosing how to organise IR in their organisation:

Shortage of qualified professionals

These diversified activities call for different professionals. Unfortunately, these specialists are in short supply. According to Kaspersky’s survey, 43% of CISOs find it difficult to find a malware

www.intelligentciso.com | Issue 16