February 3, 2020

How to move on from a cybersecurity incident

Shane Schick

Cybersecurity incidents can cost people their jobs. Organizations can lose customers as their share price tanks. Customers’ personal and confidential information can be put at risk. And when the incident has finally been contained, there’s still a lot that happens before it’s in the rearview mirror.

A solid incident response plan begins with defining the scope of the threat, gathering data, assigning roles and beginning the remediation process. But incident response plans are about more than prevention. Make sure you don’t ignore these aspects.


Incident reporting

No company wants to have a press conference in the midst of a cyberattack, but they should be ready to inform third parties appropriately. This may include law enforcement, customers and even the media.

Rizwan Jan, chief information officer (CIO) of the Henry M. Jackson Foundation for the Advancement of Military Medicine, says this is where your incident response (IR) team needs to be extra clear about its roles and responsibilities.

“There can be a lot of speculation, and that speculation is often misinformation,” Jan cautions. “Your CIO should not be talking to the press about a data breach. If the situation were reversed, you wouldn’t want a PR person tinkering around with security tools.”

Of course, senior leaders need to be informed and consulted too, but they’re often on a plane or locked up in a meeting while an incident unfolds. Jan recommends CEOs deputize someone to handle crisis management questions — a second-in-command who can make decisions. This should be woven into the incident response plan as well.

“You always want to avoid a single point of failure,” Jan says, referring not just to IT but to response team collaboration. “You need to have a path B, C and D.”

Implementing best practices

Even the best-laid incident response plans will fail if they’re not tested with regular drills. And the nature of cyber incidents is constantly changing, which makes it even more important to ensure the plan aligns with organizational needs.

A study conducted by the Ponemon Institute earlier this year shows that 54 percent of those who have an incident response plan don’t test it. So, there may be a gap between how an organization expects it can deal with a data breach and what actually ends up transpiring.

Jan says the best way to overcome this problem is to get proper executive buy-in from the very beginning. Gather industry research about data threats in your particular industry, or highlight news coverage of competitors who’ve been hit by an attack.

“It’s a good thing to show those statistics to management to get their incident response antenna up to all the threats that are out there,” Jan explains. “That’s when your message will get out to the rest of the organization and security becomes more ingrained in your culture.”

Strengthening mobile security

The annual SANS Incident Response Survey looks at trends in how organizations handle these issues. The 2019 report showed the difference automation is making: For example, only 35 percent of those surveyed in 2019 said they manually blocked command-and-control (C2) IP addresses, compared with nearly 46 percent in 2018.

So how does a threat landscape that’s growing through the use of mobile devices change a company’s approach to incident response?

Jan looks for three things in an enterprise mobility management (EMM) solution: how well it integrates in an organization’s existing technology stack, what kind of visibility it offers into cyberthreats and what control it gives in terms of fine-tuning rules and configuration. And don’t overlook conducting a post-mortem — not a meeting filled with finger-pointing, but a genuine, constructive look at where you should optimize your incident response plan.

“We should be in the spirit of ever improving our business processes,” Jan advises. “Tie into metrics like mean time to detecting and resolving an incident. And map those metrics into industry standards. That way, you have some teeth to it, and if you have auditors come in, you’ll have a story to tell about why you’re doing what you’re doing. You will fail if you whip up [an incident response plan] out of nowhere and don’t have anything to back it up.”

Samsung Knox fills the gaps

Not all cyber incidents involve mobile devices, but for those that do, an important part of the remediation process is looking at the extent to which data on a smartphone, for instance, connects back to the network. This is obviously much easier if you already have an EMM solution in place, as the solution can help you quickly identify which devices need to be addressed and even consider future points of vulnerability.

Samsung’s Knox platform and supporting services can be a linchpin in helping organizations bring their IR plan together, offering the ability to configure, monitor and secure mobile devices against a wide range of cyber threats.

To learn more about building an incident response plan for your business, download our free whitepaper.

