Top Three Lessons Learned in Incident Response

November 17, 2020 | Article

Notes from the Field to Make Your Business Stronger

According to the 2019 NetDiligence Cyber Claims Study Report, the average total cost of a data breach for small to medium enterprises in 2018 was $97,000. In the same year, the loss of business income alone from a data breach averaged $130,000. Costs like these can be difficult for an organization of any size to absorb.

Is there a way to mitigate the damage? The answer is yes, if you take the necessary precautions. The same report notes that incident response preparedness was the highest cost-saver for businesses, with an average savings of $2 million.

What is Incident Response?
For most businesses, a cybersecurity attack is not a matter of “if,” but “when.” Incident response is how you respond to that attack when it happens. The goal of incident response is not only to get you back up and running after a breach, but also to have the evidence forensically preserved so that a thorough investigation can help determine whether there was a data privacy breach.

What You Can Learn from Incident Response
One thing is for sure: the worst time to think about your incident response plan is when you are responding to an incident. That’s why we’ve compiled the top three lessons we’ve learned in incident response that can help you proactively plan for the future and make your business stronger.

Lesson #1: Create a Culture of Cybersecurity Awareness
By now, most people know that they don’t have a Nigerian prince uncle who has bequeathed them $1 million payable only by first sending money to an overseas account. However, technology has made it more and more difficult to discern what is legitimate from what is fraud.

By creating a culture of cybersecurity awareness, your employees will be less likely to fall prey to phishing scams or clever ransomware attacks. The NetDiligence report notes that 70% of claims for lost business income were due to ransomware.

Even when you and your employees have done everything right, there’s still a chance you will face a breach, as was the case with one of our clients. Although they had created a culture of cybersecurity awareness, they were still breached through a compromise at the organization’s third-party IT provider and that provider’s use of an RDP tool to remote into the organization’s servers.

Lesson #2: Have an Incident Response Plan Ready to Deploy
When an incident occurs, everything is on fire. However, it is imperative that the business remains up and running. Businesses that have an Incident Response Plan are better prepared to investigate and remediate because they have designated people (employees, management, and third parties), processes, and technology in place to expedite an incident response investigation. Organizations that are prepared with an Incident Response Plan benefit from a more efficient and effective investigation, which leads to more favorable incident response costs.

This was evident when a customer alerted one of our clients that money had been withdrawn from their account. Our client quickly went into incident response. Fortunately for them, they had a robust, documented incident response plan in place, which included key contacts at their bank, the FBI, and the incident response team. Because of that plan, the incident was quickly resolved with help from the incident response team, the FBI, and the bank. IT determined there was a gap in their customer service department that allowed users to reset account passwords without proper authorization. Had it not been for the organization’s incident response plan with key contact information, the money may not have been recovered.

See how Eide Bailly can set your mind at ease with our incident response approach.

Lesson #3: Time is Money
On average, it takes 280 days to identify and contain a data breach. According to IBM’s Cost of a Data Breach Report, containing a breach in less than 200 days will save your organization $1 million.

As an example, a client of ours contacted our incident response team the same day they received a spoofed email from one of their customers. We were quickly engaged to investigate their systems, which led to the swift determination that the customer’s systems were likely compromised. This immediate determination led to a conversation with the client’s customer to help remediate the compromise. Thankfully, no money was lost, and no systems were affected due to the client’s quick actions in having us perform an immediate incident response investigation.

Here are some ways that you can stay on top of your system and quickly detect when you’ve been hacked:

  • Provide continuous security awareness training for employees that covers advanced phishing attacks and updates on recent cybersecurity attack trends
  • Employ managed detection and response (MDR) services with advanced threat hunting capabilities
  • Utilize Security Information and Event Management (SIEM) technology
  • Have an incident response firm on retainer to be there when you need them the most

By taking what we’ve learned from our experience in incident response and applying it to your own organization, you can not only mitigate the threat of an attack, but also respond quickly and efficiently, limiting damage and saving time and money.
