Incident response is foundational to every security program, yet many companies still struggle with adoption and testing.
In his 2004 presentation, Kevin Mandia enumerated the top challenges of incident response at the time: 1) the increasing complexity and sophistication of computer attacks; 2) the need for incident response methodologies and technologies to evolve to address emerging threats; and 3) pre-incident preparation being as critical as any other proactive security measure.
Companies were just starting to deploy internet-connected systems, and 56k modems were still standard.
Windows XP was the dominant operating system, Symantec and McAfee were the largest antivirus vendors on the market, and DHS had just announced the need for the government to invest in cybersecurity.
Threats of the time were focused on banking and financial systems, and consumers were seeing fast-spreading worms such as Mydoom, Sasser and Beagle.
Despite drastically newer and more complex technology, the core incident response principles remain the same, and companies should never lose sight of those fundamentals of security response.
Incident responders have been busy cleaning up massive breaches this year.
If I had to recreate Kevin Mandia's presentation today, I would add three things to it to help companies better prepare for incidents.
Technology - There is more technology today than has ever existed, including complex supply chains, dramatically increasing the attack surface across both hardware and software.
Incident responders need to be prepared to work with key stakeholders to fix or mitigate risk from third party suppliers.
Community - There is a thriving social community that allows information and money to move faster within both the security and dark web communities.
Dark web forums have existed for a long time; however, threat groups today have aligned their incentives to pool collaborative resources as quickly as possible.
Incident responders need to be prepared to work with outside security resources to ensure they have the most accurate and up-to-date threat information.
Regulation - Federal requirements from the SEC now require public companies to act in certain instances, including disclosing material cybersecurity incidents on Form 8-K within four business days of determining that an incident is material.
Companies need to be prepared with pre-drafted public statements, legal contacts and the required filings to ensure all communication requirements are met.
Looking back at Kevin Mandia's 2004 talk on incident response, his words are still very relevant today.
The most foundational aspect of incident response is to ensure your organization has a detailed incident response plan that is relevant to your business and agreed with the key stakeholders.
While this might sound like an obvious statement, IBM research still found that 77% of respondents indicated they do not have a cybersecurity incident response plan applied consistently across the enterprise, and 54% do not test their plans regularly.
Every response plan is different, but we need to ensure our organizations are better prepared for incidents when they happen.
No amount of new security tools, security personnel or compliance requirements can substitute for proper incident preparation.
Published on www.securityweek.com. Publication date: Tue, 09 Jan 2024 15:43:04 +0000