Intelligent SME.tech Issue 23 | Page 43


4. Eradication
This process includes identifying the point of intrusion, assessing the attack surface and removing any remaining backdoor access. At this stage, the incident response team neutralises any remaining attacks. As part of this step, the team determines the root cause of the incident to understand how to prevent similar attacks.
5. Recovery
At this stage, the incident response team returns systems to normal operation. Compromised accounts are given new, more secure passwords, or replaced with a more secure access method. Vulnerabilities are remediated, functionality is assessed and normal operations resume.
6. Recommendations
There are lessons to learn from any cybersecurity incident, both at the process level and because threats are constantly changing and evolving. Learning from experience and pinpointing what went wrong is a crucial step in improving your ongoing incident response plan. It is a good practice to perform a post-mortem meeting with the entire team to provide feedback on what worked and what didn’t, and raise suggestions for process improvement.
The first 72 hours after a data breach are critical. Every decision that an organisation makes can carry financial, legal, regulatory, investigatory and perception repercussions.
This can include disruption of operations, client blowback, increased security and insurance budgets, intellectual property theft, the devaluation of a company’s name (potentially resulting in a stock price dip or drop in investor confidence) and more.
Furthermore, the number of cyberattacks – particularly ransomware attacks – has skyrocketed, with cybercriminals taking advantage of a vastly expanded attack surface. It’s therefore vital that organisations actively prepare for cyberattacks, either by bolstering their own cybersecurity and incident response capabilities, or by engaging with an MSSP to make cyber preparedness both a business protector and enabler for growth.

INCIDENT RESPONSE TEAMS MUST ALSO DISTINGUISH BETWEEN BENIGN ACTIVITY AND TRUE MALICIOUS BEHAVIOUR.