Unfortunately, cyber criminals are getting better and better at what they do. Threats are constantly changing and evolving, and it's our responsibility to stay one step ahead at all times. But sometimes institutions get too complacent, thinking their security measures are enough and that an incident won't happen to them. Until it does. Then they're left scrambling to pick up the pieces.
That's why we think that staying one step ahead should include taking the time to be properly prepared for when an incident might happen. That way it won’t cripple your team during such a crucial time.
So this week we look at 6 of the biggest problems we see banks and credit unions run into after an incident and what you can do ahead of time to avoid them.
What you can do: Train your security staff on standard incident response techniques and, more importantly, on the specific procedures set by your organization. Take the time to conduct tabletop exercises so your team can rehearse various scenarios and look for ways to improve their response.
What you can do: Promote user awareness that breaches do happen and are a very real possibility. Focus on what to do next, at various levels of various departments. Don't make the mistake of only communicating this to IT staff.
What you can do: Be sure to include other departments along with IT and Security, like Executive Management, Legal, Human Resources, Public Relations, etc.
What you can do: Create an accurate representation of your digital enterprise. This includes accurate, up-to-date network diagrams, data flow diagrams, IP address lists, asset inventory, etc.
What you can do: Keep the experts on speed dial. Some digital forensics firms require an onboarding fee along with an ongoing retainer ahead of time to "be available" in the event of a cyber incident. Talk to the experts you will need for an incident ahead of time; don't wait until a crisis to have that conversation.
What you can do: Forensics teams are relying on network packets now more than ever to piece together the puzzle of a breach or major incident. Without baseline network packets stored from before the alert, it becomes difficult to differentiate the good from the bad. This doesn't mean keeping EVERYTHING; retaining the packets captured around detected events is usually enough. Setting a strategy for this will probably mean a conversation with your Log/IDS team or SIEM provider.
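To make the "packets around detected events" idea concrete, here is an added example (not from the article, and not any vendor's product) of the retention decision a Log/IDS team would have to make. It assumes a rotating full-packet capture that writes one file per fixed time window, and a feed of IDS alerts with timestamps; both the file list and the alerts below are constructed sample data. Given a retention margin before and after each alert, it picks the capture files worth keeping and, just as importantly, reports alerts for which no packets exist at all, which is the gap forensics will run into later.

```python
from datetime import datetime, timedelta

# Constructed sample data: a rotating full-packet capture that writes one
# file per 15-minute window (filename, window start, window end).
CAPTURE_FILES = [
    ("cap-00.pcap", "2024-03-01T00:00:00", "2024-03-01T00:15:00"),
    ("cap-01.pcap", "2024-03-01T00:15:00", "2024-03-01T00:30:00"),
    ("cap-02.pcap", "2024-03-01T00:30:00", "2024-03-01T00:45:00"),
    ("cap-03.pcap", "2024-03-01T00:45:00", "2024-03-01T01:00:00"),
    ("cap-04.pcap", "2024-03-01T01:00:00", "2024-03-01T01:15:00"),
    ("cap-05.pcap", "2024-03-01T01:15:00", "2024-03-01T01:30:00"),
    ("cap-06.pcap", "2024-03-01T01:30:00", "2024-03-01T01:45:00"),
    ("cap-07.pcap", "2024-03-01T01:45:00", "2024-03-01T02:00:00"),
]

# Constructed IDS alerts (alert id, timestamp). The third one fires after the
# capture window shown above, so no packets exist for it.
ALERTS = [
    ("ids-1001", "2024-03-01T00:47:30"),
    ("ids-1002", "2024-03-01T01:41:00"),
    ("ids-1003", "2024-03-01T05:00:00"),
]


def _ts(value):
    """Parse an ISO-8601 timestamp string."""
    return datetime.fromisoformat(value)


def retention_plan(capture_files, alerts,
                   before=timedelta(minutes=10), after=timedelta(minutes=10)):
    """Decide which capture files to keep around detected events.

    A file is kept when its window overlaps [alert - before, alert + after]
    for at least one alert. Returns (sorted list of files to keep,
    list of alert ids that have no captured packets at all).
    """
    keep = set()
    uncovered = []
    for alert_id, when in alerts:
        t = _ts(when)
        lo, hi = t - before, t + after
        matched = False
        for name, start, end in capture_files:
            # Inclusive overlap test: a packet on the boundary may sit in
            # either file, so err on the side of keeping both.
            if _ts(start) <= hi and _ts(end) >= lo:
                keep.add(name)
                matched = True
        if not matched:
            uncovered.append(alert_id)
    return sorted(keep), uncovered


if __name__ == "__main__":
    files, gaps = retention_plan(CAPTURE_FILES, ALERTS)
    print(f"keep {len(files)} of {len(CAPTURE_FILES)} capture files: {files}")
    print(f"alerts with no packet evidence: {gaps}")
```

The margin is the knob worth agreeing on with your IDS or SIEM provider: too small and the reconnaissance before the alert is gone, too large and you are back to keeping everything. The `uncovered` list is the check to watch in production, because every alert that lands there is an incident you would have to investigate from logs alone.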
The biggest takeaway from these 6 items is that you shouldn't wait for the incident to address them. A little work ahead of time can put you miles ahead in the long run.
If you're looking for extra help with your Incident Response, check out our CySPOT™ Incident Response Planning and Preparation Module.
If you found this article helpful and want to have our articles delivered directly to your inbox every week, sign up for our newsletter.