Why is incident response important?
Organisations across a wide variety of sectors use technology on a daily basis. However, with technology integration, remote working and many other factors, new cyber security threats are emerging. Any activity that is not properly contained in a secure environment will usually escalate into a bigger problem that can result in a damaging security breach with potentially disastrous consequences for your organisation.
Incident response allows an organisation to be prepared against these potential attacks and can be relied upon to identify security threats immediately.
The 6 phases in an incident response plan:
In any incident response plan, preparation is key. This phase of the plan will typically include employee training and developing security incident scenarios to ensure everyone knows the correct procedures if an incident occurs.
Identifying the breach
Phase 2 is identifying and determining whether you’ve been breached. As an incident or breach could originate from many different areas, it is important to consider the following questions:
- Has the source of the incident been identified?
- How was it discovered and by whom?
- Have any other areas been affected by the incident?
- What procedures do you need to invoke following the incident?
Reduce the spread
When the incident is discovered, it is important not to panic and delete everything – it could be important evidence in a potential investigation. Instead, it’s best to contain the breach so it doesn’t spread further or cause any long-term damage.
Once the breach has been contained, the next step is to find and eliminate the root cause. Any malware should be removed at this stage, and systems should again be hardened and patched, with updates applied.
Following on from eradication, the next thing to consider is the recovery process. This means restoring affected systems and devices and returning them to your business environment. It’s now a good time to think about getting all systems back up and running, if it is safe to do so.
After the investigation is complete and all systems are safe and secure, it’s good to discuss what has been learned from the data breach and how this affects the incident response plan. At this stage you can determine what worked well, what didn’t work so well and what could be changed moving forward in order to maintain a safe and secure environment.