Top Three Lessons Learned in Incident Response

May 28, 2021

Key Takeaways

  • The worst time to think about your incident response plan is when you are responding to an incident.
  • Cyberattacks commonly happen during holidays or in the middle of the night. Therefore, it is crucial to install software and take advantage of automation to keep your systems secure 24x7.
  • According to IBM’s Cost of a Data Breach Report, containing a breach in less than 200 days can save your organization over $1 million.

For most businesses, a cybersecurity attack is not a matter of “if,” but “when.” Incident response is how you respond to that attack when it happens.

Organizations that prioritize incident response are able to return to normal much more quickly if a breach does occur. They are also able to gather more evidence from the cyberattack in order to conduct a thorough investigation into what was breached. Finally, incident response can help organizations save significantly on the cost of a breach, paying up to 58% less than those that do not have a plan in place.

What You Can Learn from Incident Response

When an incident occurs, everything feels like it is on fire. However, it is imperative that your business remains up and running. Organizations that have an incident response plan are better prepared to investigate and remediate because they have designated people (employees, management, and third parties), processes, and technology to expedite an incident response investigation.

The work doesn’t stop after you create your incident response plan, though. To ensure you’re prepared in the case of a breach, it’s imperative that you continually test your plan. Because one thing is for sure: the worst time to think about your incident response plan is when you are responding to an incident.

We’ve compiled the top three lessons we’ve learned in incident response that can help you proactively plan for the future and make your organization more secure.

Lesson #1: Prior Protection Leads to Less Risk

Employee training can bring the cost of a data breach down by $247,758, according to IBM’s 2022 report.

Additionally, 95% of data breaches are caused by human error, meaning that with proper awareness and education, you can stop the majority of cyberattacks from occurring in the first place. This means that awareness of and participation in cybersecurity best practices must go far beyond IT and instead become part of your company’s culture. By creating a culture of cybersecurity awareness and developing preventative protocols, you can save your business from detrimental cybersecurity incidents that would otherwise cost your organization time, money and possibly your reputation.

Protection also includes being prepared for when the inevitable occurs. Even if you and your employees do everything right, there’s still a chance you will face a breach.

One of our financial institution clients experienced the value of their incident response plan firsthand. When one of their customers alerted them that money had been withdrawn from their account, our client quickly went into incident response. Fortunately for them, they had a robust, documented incident response plan in place, which included key contacts at their bank, the FBI, and their incident response team.

IT was able to quickly determine there was a gap in their customer service department that allowed users to reset account passwords without proper authorization. Had it not been for the organization’s incident response plan with key contact information, the money may not have been recovered.

Lesson #2: Breaches Intentionally Occur When You Least Expect Them

Cyberattacks commonly happen during holidays or in the middle of the night. Therefore, it is crucial to install software and take advantage of automation to keep your systems secure 24x7.

To gauge your preparedness, you can begin by asking yourself the following questions:

  • What steps has leadership taken to ensure your organization is prepared to respond to an incident or data breach?
  • What is your level of confidence your business data is secure?
  • What steps have you taken to ensure your company data is protected?
  • What security strategies have you implemented to protect a mobile or remote workforce?
  • What priority does security have within your IT team?

Depending on your answers to the above, you may need to consider improving your current security procedures and processes. Eide Bailly recommends the following solutions in order to properly monitor and manage your cybersecurity posture:

  • Endpoint Management

    Endpoint security usually refers to an application that detects and blocks malicious software. Some endpoint tools can also provide data loss prevention, encryption, firewall functionality and application whitelisting.
  • Firewall Management

    A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the internet. Security services for a firewall include intrusion protection, application proxy, connection monitoring and more.
  • Managed Detection and Response (MDR)

    MDR is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network. It also assists in rapid incident response to eliminate those threats with succinct remediation actions.

Lesson #3: Time is Money

On average, it takes 277 days to identify and contain a data breach. According to IBM’s Cost of a Data Breach Report, by containing a breach in less than 200 days, you will save your organization over $1 million.

As an example, a client of ours contacted our incident response team the same day they received a spoofed email from one of their customers. We were quickly engaged to investigate their systems, which led to the swift determination that the customer’s systems were likely compromised.

This immediate determination led to a conversation with the client’s customer to help remediate the compromise. Thankfully, no money was lost, and no systems were affected due to the client’s quick actions in having us perform an immediate incident response investigation.

Here are some ways that you can stay on top of your system and quickly detect when you’ve been hacked:

  • Provide continuous security awareness training for employees that covers advanced phishing attacks and updates on recent cybersecurity attack trends
  • Employ managed detection and response (MDR) services with advanced threat hunting capabilities
  • Utilize Security Information and Event Management (SIEM) technology
  • Have an incident response firm on retainer to be there when you need them the most

Keep in mind that your organization has an obligation to keep its customers’ personal information confidential. You may face liability if their information is exposed in a data breach, especially considering how long it takes organizations to detect foul play.

Investing in cyber insurance is a great way to protect your own company in the case of a breach, as some cyber insurance policies give businesses more time to detect and report a data breach by extending their reporting period.

Be Prepared for Anything with a Proper Incident Response Plan

A secure IT infrastructure doesn’t just protect your company; it protects your reputation and your bottom line. By taking what we’ve learned from our experience in incident response and applying it to your own organization, you can not only mitigate the threat of an attack but also respond quickly and efficiently, limiting damage and saving time and money.

Costs associated with a security breach are significantly higher when organizations respond reactively. Developing a proactive, tested plan for prevention and response is not only cost-effective, but it will help better prepare your organization for an incident.
