Febbraio 3, 2020

How to move on from a cybersecurity incident

Shane Schick

Cybersecurity incidents can cost people their jobs. Organizations can lose customers as their share price tanks. Customers’ personal and confidential information can be put at risk. And when the incident has finally been contained, there’s still a lot that happens before it’s in the rearview mirror.

A solid incident response plan begins with defining the scope of the threat, gathering data, assigning roles and beginning the remediation process. But incident response plans are about more than prevention. Make sure you don’t ignore these aspects.

 

Incident reporting

No company wants to have a press conference in the midst of a cyberattack, but they should be ready to inform third parties appropriately. This may include law enforcement, customers and even the media.

Rizwan Jan, chief information officer (CIO) of the Henry M. Jackson Foundation for the Advancement of Military Medicine, says this is where your incident reporting (IR) team needs to be extra clear about its roles and responsibilities.

“There can be a lot of speculation, and that speculation is often misinformation,” Jan cautions. “Your CIO should not be talking to the press about a data breach. If the situation were reversed, you wouldn’t want a PR person tinkering around with security tools.”

Of course, senior leaders need to be informed and consulted too, but they’re often on a plane or locked up in a meeting while an incident unfolds. Jan recommends CEOs deputize someone to handle crisis management questions — a second-in-command who can make decisions. This should be woven into the incident response plan as well.

“You always want to avoid a single point of failure,” Jan says, referring not just to IT but to response team collaboration. “You need to have a path B, C and D.”

Implementing best practices

Even the best-laid incident response plans will fail if they’re not tested with regular drills. And the nature of cyber incidents is constantly changing, which makes it even more important to ensure the plan aligns with organizational needs.

A study conducted by the Ponemon Institute earlier this year shows that 54 percent of those who have an incident response plan don’t test it. So, there may be a gap between how an organization expects it can deal with a data breach and what actually ends up transpiring.

Jan says the best way to overcome this problem is to get proper executive buy-in from the very beginning. Gather industry research about data threats in your particular industry, or highlight news coverage of competitors who’ve been hit by an attack.

“It’s a good thing to show those statistics to management to get their incident response antenna up to all the threats that are out there,” Jan explains. “That’s when your message will get out to the rest of the organization and security becomes more ingrained in your culture.”

Strengthening mobile security

The annual SANS Incident Response Survey looks at trends in how organizations handle these issues. The 2019 report showed the difference automation is making: For example, only 35 percent of those surveyed in 2019 said they manually blocked command-and-control (C2) IP addresses, compared with nearly 46 percent in 2018.

So how does a threat landscape that’s growing through the use of mobile devices change a company’s approach to incident response?

Jan looks for three things in an enterprise mobility management (EMM) solution: how well it integrates in an organization’s existing technology stack, what kind of visibility it offers into cyberthreats and what control it gives in terms of fine-tuning rules and configuration. And don’t overlook conducting a post-mortem — not a meeting filled with finger-pointing, but a genuine, constructive look at where you should optimize your incident response plan.

“We should be in the spirit of ever improving our business processes,” Jan advises. “Tie into metrics like mean time to detecting and resolving an incident. And map those metrics into industry standards. That way, you have some teeth to it, and if you have auditors come in, you’ll have a story to tell about why you’re doing what you’re doing. You will fail if you whip up [an incident response plan] out of nowhere and don’t have anything to back it up.”


Samsung Knox fills the gaps

Not all cyber incidents involve mobile devices, but for those that do, an important part of the remediation process is looking at the extent to which data on a smartphone, for instance, connects back to the network. This is obviously much easier if you already have an EMM solution in place, as the solution can help you quickly identify which devices need to be addressed and even consider future points of vulnerability.

Samsung’s Knox platform and supporting services can be a linchpin in helping organizations bring their IR plan together, offering the ability to configure, monitor and secure mobile devices against a wide range of cyber threats.

To learn more about building an incident response plan for your business, download our free whitepaper.

 

[Icon] chiudi

Comincia a utilizzare Samsung Knox

[Icona] valigia
Sei un rivenditore, un provider di soluzioni o un provider di servizi?

Diventa un partner Knox e fai crescere la tua azienda oggi.

[Icon] info

Seleziona un prodotto Knox per iniziare:

Soluzione completa
Knox Suite
Rebranding e personalizzazione
Knox Configure
Protezione da frodi e furti
Knox Guard
Piano di protezione dei dispositivi
Samsung Care+ for Business
Altri prodotti e servizi

Inizia a utilizzare

[Image] Knox Suite

Una soluzione completa in bundle, appositamente concepita per la mobilità aziendale.

  • Ottieni una prova gratuira di 90 giorni per un massimo di 30 dispositivi.
  • Un set di strumenti completo per proteggere, distribuire, gestire e analizzare i dispositivi della tua azienda.
  • Prova le straordinarie funzionalità di Knox Suite

Knox Suite comprende:

Knox Mobile Enrollment Gratuito
Knox Manage
Knox E-FOTA
Knox Asset Intelligence
Knox Platform for Enterprise Gratuito
Supporto remoto Knox
Knox Capture
Knox Authentication Manager

Inizia a utilizzare

[Image] Logo Knox Configure

Consenti il rebranding e la personalizzazione dei tuoi dispositivi Samsung.

  • Ottieni una prova gratuira di 90 giorni per un massimo di 30 dispositivi.
  • Configura da remoto i dispositivi Samsung in blocco e personalizzali in base alle tue esigenze specifiche per un uso immediato.
  • Configura i tuoi dispositivi per la singola distribuzione o aggiornali tutte le volte che vuoi.

Inizia a utilizzare

[Icon] Logo Knox Guard

Protezione da frodi e furti per i dispositivi Samsung.

  • Ottieni una prova gratuira di 90 giorni per un massimo di 30 dispositivi.
  • Riduci i rischi finanziari e proteggi gli asset controllando in remoto i dispositivi Samsung.
  • Prova tutte le funzionalità di Knox Guard, inclusi controllo della SIM e blocco del dispositivo.

Inizia a utilizzare

[Image] Logo Samsung Care Plus For Business

Piano di protezione per i dispositivi Samsung.

  • Limita le interruzioni delle attività con riparazioni e sostituzioni rapide dei dispositivi. Contatta l'ufficio vendite Samsung per iniziare.
  • Visualizza tutte le informazioni sulla copertura del tuo dispositivo e sul reclamo in un unico luogo.
  • Hai già acquistato Samsung Care+ for Business? Crea un account e attiva il piano nella console Samsung Care+ for Business.

Altri prodotti e servizi

[Image] Logo di altri prodotti

Soluzioni moderne per soddisfare le tue esigenze specifiche.

  • Ricevi supporto tecnico efficiente da parte di un account manager dedicato con Enterprise Tech Support.
  • Crea dispositivi su misura per la tua azienda utilizzando Samsung Software Customization Service.
CONTATTA L'UFFICIO VENDITE