February 3, 2020

How to move on from a cybersecurity incident

Shane Schick

Cybersecurity incidents can cost people their jobs. Organizations can lose customers as their share price tanks. Customers’ personal and confidential information can be put at risk. And when the incident has finally been contained, there’s still a lot that happens before it’s in the rearview mirror.

A solid incident response plan begins with defining the scope of the threat, gathering data, assigning roles and beginning the remediation process. But incident response plans are about more than prevention. Make sure you don’t ignore these aspects.


Incident reporting

No company wants to have a press conference in the midst of a cyberattack, but they should be ready to inform third parties appropriately. This may include law enforcement, customers and even the media.

Rizwan Jan, chief information officer (CIO) of the Henry M. Jackson Foundation for the Advancement of Military Medicine, says this is where your incident reporting (IR) team needs to be extra clear about its roles and responsibilities.

“There can be a lot of speculation, and that speculation is often misinformation,” Jan cautions. “Your CIO should not be talking to the press about a data breach. If the situation were reversed, you wouldn’t want a PR person tinkering around with security tools.”

Of course, senior leaders need to be informed and consulted too, but they’re often on a plane or locked up in a meeting while an incident unfolds. Jan recommends CEOs deputize someone to handle crisis management questions — a second-in-command who can make decisions. This should be woven into the incident response plan as well.

“You always want to avoid a single point of failure,” Jan says, referring not just to IT but to response team collaboration. “You need to have a path B, C and D.”

Implementing best practices

Even the best-laid incident response plans will fail if they’re not tested with regular drills. And the nature of cyber incidents is constantly changing, which makes it even more important to ensure the plan aligns with organizational needs.

A study conducted by the Ponemon Institute earlier this year shows that 54 percent of those who have an incident response plan don’t test it. So, there may be a gap between how an organization expects it can deal with a data breach and what actually ends up transpiring.

Jan says the best way to overcome this problem is to get proper executive buy-in from the very beginning. Gather industry research about data threats in your particular industry, or highlight news coverage of competitors who’ve been hit by an attack.

“It’s a good thing to show those statistics to management to get their incident response antenna up to all the threats that are out there,” Jan explains. “That’s when your message will get out to the rest of the organization and security becomes more ingrained in your culture.”

Strengthening mobile security

The annual SANS Incident Response Survey looks at trends in how organizations handle these issues. The 2019 report showed the difference automation is making: For example, only 35 percent of those surveyed in 2019 said they manually blocked command-and-control (C2) IP addresses, compared with nearly 46 percent in 2018.

So how does a threat landscape that’s growing through the use of mobile devices change a company’s approach to incident response?

Jan looks for three things in an enterprise mobility management (EMM) solution: how well it integrates in an organization’s existing technology stack, what kind of visibility it offers into cyberthreats and what control it gives in terms of fine-tuning rules and configuration. And don’t overlook conducting a post-mortem — not a meeting filled with finger-pointing, but a genuine, constructive look at where you should optimize your incident response plan.

“We should be in the spirit of ever improving our business processes,” Jan advises. “Tie into metrics like mean time to detecting and resolving an incident. And map those metrics into industry standards. That way, you have some teeth to it, and if you have auditors come in, you’ll have a story to tell about why you’re doing what you’re doing. You will fail if you whip up [an incident response plan] out of nowhere and don’t have anything to back it up.”

Samsung Knox fills the gaps

Not all cyber incidents involve mobile devices, but for those that do, an important part of the remediation process is looking at the extent to which data on a smartphone, for instance, connects back to the network. This is obviously much easier if you already have an EMM solution in place, as the solution can help you quickly identify which devices need to be addressed and even consider future points of vulnerability.

Samsung’s Knox platform and supporting services can be a linchpin in helping organizations bring their IR plan together, offering the ability to configure, monitor and secure mobile devices against a wide range of cyber threats.

To learn more about building an incident response plan for your business, download our free whitepaper.

