Cyber-attacks have been growing exponentially and will continue to do so. Gartner reports that by 2025, 40% of boards will have a dedicated cybersecurity committee. The scope of current cyber-attacks has grown out of proportion and is expected to worsen for organizations with poor cyber defence. Gartner has also reported that cybersecurity-related risk has been rated the second-highest source of risk for an enterprise. Heightened data breach concerns, particularly since the worldwide COVID-19 outbreak nearly a year ago, do not seem to have prompted improved incident response (IR) plans or capabilities at many organizations. Dark Reading presented an interesting statistic from a survey of organizations about their incident management plans. The survey of 500 security and risk leaders, conducted by Wakefield Research on behalf of Red Canary, Kroll, and VMware, shows that more than one-third (36%) of organizations still don’t have a structured IR process in place.
The survey found that although 70% of respondents reported being bombarded with over 100 threat alerts daily, just 8% described their organizations as having the ability to quickly identify the root cause of an attack. Forty-six percent described their IR teams as typically requiring more than one hour to contain a threat, and 23% of organizations that had experienced three or more compromises over the past year said they needed at least about 12 hours to contain a breach. The data in Wakefield’s survey suggests that many organizations are still struggling with familiar, old challenges with IR as well as with broader data security issues. Though a lot has been made of a substantial increase in attack volumes, the growing sophistication of threats, and concerns over SolarWinds-like attacks, enterprise responses appear to be lagging.
The overall apprehension over data breaches and lacking IR plans seems to have driven many enterprises to third-party managed detection and response (MDR) providers. 76% have currently engaged a third-party provider for at least some of their detection and response needs. Security leaders see MDR providers as helping organizations detect, respond to, and contain breaches faster than they can on their own. Third-party firms have seen far more incidents than any one client has experienced, so they have both well-defined playbooks and people who know how to handle each step well. [Reference]. Believe it or not, ransomware and other cyberattacks are the last sign that an adversary has penetrated an organization’s network. In fact, by the time it is clear that a business has been victimized by an attack, it usually means cybercriminals have been lurking for quite some time, if not months. The question is, if cyberattacks take a long time to execute, can organizations plan and act in real time to limit the damage? The best way forward for organizations is to have a structured incident response plan, so they can act as quickly as possible when under an active attack.
Sophos has proposed some effective incident response ideas leading to a framework. These include determining key stakeholders, identifying critical assets, running tabletop exercises, ensuring maximum visibility, and implementing effective access controls, as well as establishing response actions, conducting awareness training, and finally hiring or outsourcing some portion of the incident response to a managed security service. While cyberattacks can seem inevitable, it is always a good idea to have an incident response plan for your organization, and it can help prevent incidents from the inside. Having an incident response plan not only helps to gain visibility into potential threats to critical systems but also enables recovery in case of a data breach and ensures the same mistake or event is not repeated. My personal opinion is that an effective cyber incident response plan will play a pivotal role in providing an effective cyber defence strategy, thereby trying to reduce the occurrence of a potential cyber-attack.
Article by Kaushik Sundararajan
I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of certain ideas from a different perspective.