Intelligent CISO Issue 52 | Page 39

Learning from experience and pinpointing what went wrong is a crucial step in improving your ongoing incident response plan.
FEATURE


3. Containment
Containment is an attempt to stop the threat from spreading in the environment and doing more damage. There are two types of containment:
• Short-term containment — Immediate action to prevent the threat from spreading. For example, quarantining an application or isolating a system from the network.
• Long-term containment — Restores systems to production in a clean state, identical to how they were configured before the threat was introduced.
4. Eradication
This process includes identifying the point of intrusion, assessing the attack surface and removing any remaining backdoor access. At this stage, the incident response team neutralises any remaining attacks. As part of this step, the team determines the root cause of the incident to understand how to prevent similar attacks.
5. Recovery
At this stage, the incident response team returns systems to normal operation. Compromised accounts are given new, more secure passwords, or replaced with a more secure access method. Vulnerabilities are remediated, functionality is assessed and normal operations resume.
6. Recommendations
There are lessons to learn from any cybersecurity incident, both at the process level and because threats are constantly changing and evolving. Learning from experience and pinpointing what went wrong is a crucial step in improving your ongoing incident response plan. It is a good practice to perform a post-mortem meeting with the entire team to provide feedback on what worked and what didn't, and raise suggestions for process improvement.

counsel may not be well versed in how to deal with an ongoing cyberattack.
The first 72 hours after a data breach are critical. Every decision that an organisation makes can carry financial, legal, regulatory, investigatory and perception repercussions. This can include disruption of operations, client blowback, increased security and insurance budgets, intellectual property theft, the devaluation of a company's name (potentially resulting in a stock price dip or drop in investor confidence) and more.
Furthermore, the number of cyberattacks – particularly ransomware attacks – has skyrocketed, with cybercriminals taking advantage of a vastly expanded attack surface. It's therefore vital that organisations actively prepare for cyberattacks, either by bolstering their own cybersecurity and incident response capabilities, or by engaging with an MSSP to make cyberpreparedness both a business protector and enabler for growth.