Data breaches are increasingly expensive and common, if security researchers are correct. The latest Ponemon Institute survey found that successful cybercrime attacks cost businesses an average of $214,000 per incident. And, businesses should assume that they’re in the crosshairs: as FBI Director Robert Mueller in a speech on cybersecurity in March noted, "I am convinced there are only two types of companies: those that have been hacked and those that will be."
Dell SecureWorks’ center provides information about today's key cyber threats, including advanced persistent threats (APT), cyber espionage, financial cybercrime, disgruntled former employees, distributed denial-of-service (DDoS) attacks and hacktivism. This dovetails with the Ponemon report, which found that respondents reported SQL injections as the most serious security attacks experienced in the last two years, while about one-third of respondents said they experienced APTs (35%), botnet infections (33%), and DDoS attacks (32%).
Dell SecureWorks pointed out that the frequency and severity of security breaches make headlines daily, but that companies have to take a multipronged approach to minimize damage starting before an attack happens. That means, critically, putting together an incident response plan, which includes processes for minimizing an attack’s duration, recovering compromised data and preserving evidence for legal action
In a whitepaper included on the site, Dell SecureWorks noted that most organizations actually don’t have a basic Computer Security Incident Response Plan (CSIRP) in place. And if a plan is in place, it is not regularly tested and revised. This echoes results of a quantitative survey conducted by Lieberman Software that found rampant complacency within enterprises. About three-quarters (73%) of IT security professionals would not be willing to bet $100 that their security plans and approaches are effective. The study showed that 81.4% of IT security staff believe that employees tend to ignore the rules that IT departments put in place. Also, about half (52.2%) said they believe that employees wouldn’t listen even if IT directives came from executive management.
Complacency, though, isn’t an option when it comes to preparing for cyberattacks. “For any organization serious about effectively responding to a security breach, we recommend IT and IT security professionals develop and test a Computer Security Incident Response Plan based on best practices,” Dell SecureWorks said. “The CSIRP is the master document to help organizations plan for the contingency of a security breach. The document defines the roles, responsibilities and procedures of the incident response function within the organization. In essence, the document formalizes the incident response function within the organization and within the security stack.”
The first step is to establish a CSIRP that’s compliant with the organization’s applicable mandates (i.e., PCI/PFI, NIST, HIPAA, etc.) and addresses the specific requirements of the overall organization, the company noted. Then, companies need to routinely test the CSIRP to assess procedures, identify gaps in execution and evaluate the team’s proficiency in responding to a security breach. Testing should include multiple breach scenarios that address both commodity and targeted attacks. If critical business operations rely on connectivity with customers from the internet, ensure DDoS is addressed in the plan. Overall, recovery planning should be rehearsed and stress tested, and implemented in close coordination between IT and IT security staff, Dell SecureWorks noted.