Evaluating Paths to Incident Response

If you’re reading this, chances are you’re actively trying to improve your security to prevent a breach, or you’re experiencing a breach right now and trying to determine what to do about it.

Most of the advice you’ve found so far probably has you writing an incident response (IR) plan and then stashing it in a safe until the moment of the breach—which won’t help much if you’re in the middle of one, nor with detecting an indicator of compromise throughout its lengthy dwell time (before it leads to a breach).

There are several avenues that small to mid-sized enterprises can consider for dealing with cybersecurity incidents. In this post, I provide concrete paths (beyond the IR plan) to consider leading up to a breach, and the pros and cons associated with each of them. I also evaluate their applicability in a post-breach scenario. Note, these aren’t all mutually exclusive, and are best implemented before you’ve been breached.

That said, we’ll close with some high-level steps that can direct your efforts right away and make a significant, measurable impact on your security posture.

Spoiler alert: if you haven’t yet invested in the people, processes, and technologies of a mature cybersecurity program, you will likely need external help from a provider to restore your operation (depending on the impact of the breach, and how prepared you are to restore from backups). More on that later.

Paths to Consider

“So,” you may ask yourself, “what can I do today that would significantly aid my response to an incident?” For the purposes of this discussion, let’s assume the worst: ransomware on all your machines. What can you do about this today to make sure if every single person in the company had ransomware on a Friday you could go (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Adam Mansour. Read the original post at: https://www.intelligonetworks.com/blog/paths-to-ir