Protect Your Organization with Improved Incident Response
Emily Affinito | January 14, 2021
With teams dispersed over different geographies, time zones, and schedules, threat actors are taking advantage of work being done anywhere and everywhere, and the access that provides them. According to Accenture’s Ninth Annual Cost of CyberCrime Study, cyberattacks are becoming more sophisticated, and people-based attacks are the fastest-growing source of risk. Given rapidly changing work conditions over the past year, companies quickly adopted new security protocols without time for systematic training and investment.
Even though the new year brings hope for recovery from the COVID-19 pandemic, and companies are starting to consider how employees may safely return to the workplace, it’s unlikely to look the same as it did pre-pandemic. Now is the time to start planning for the different ways people will be working, whether in the office, from home, or a combination of both.
A well-planned incident response capability can protect your organization from external and internal threats, no matter where work takes place.
Establish a Dynamic and Interactive Enterprise-Wide Incident Response Plan
An incident response plan is a critical tool to initiate processes and assign responsible parties to respond to an incident in a way that limits operational and reputational damage, minimizes costs, and preserves resources. Cybersecurity incident response plans are essential for maintaining operational resilience and business continuity, yet 51% of respondents in IBM’s Cyber Resilient Organization Report 2020 said their plans were informal, ad hoc, or applied inconsistently across the enterprise.
A dynamic enterprise-wide incident management system limits risk to your organization by standardizing response protocols, automating processes, and notifying relevant parties when there is an incident. Effective incident response cannot happen with a static, email- or spreadsheet-based plan reliant on a few individuals.
As breaches can occur through multiple entry points, organizations must be capable of systematically identifying and responding to incidents, no matter where they occur. This is critically important for companies operating across multiple sites or geographies, where an incident may occur in one location while the risk owner sits in another location, potentially delaying response and/or mitigation.
An effective incident management solution supports an automated, consistent, and repeatable process, whereby appropriate parties across departments or locations are immediately informed and a plan of remediation can begin.
Use Incident Tracking to Inform Risk Calculations
A centralized repository of documented incidents and remediation measures can be a valuable tool for informing risk management. Insights from incident reporting can improve the prioritization of risk response and more accurately calculate the potential cost of future incidents.
Incident tracking also assists in capturing new or elevated risks. With the expansion of workplace flexibility, attack entry points and costs of incidents have grown. Regular review of permissions and authorizations should be completed in order to limit access to sensitive or valuable information. Should work resume in offices, some level of flexibility is likely to remain, requiring greater vigilance over a larger network.
A robust GRC platform and incident management solution can incorporate updated costs, increased probability of incidents, and new vectors of risk into dynamic risk calculations to help you prioritize processes and allocate resources based on the potential impact of an incident.
Improve Incident Response Through Employee Training and Awareness
The shift to remote work, as a result of the COVID-19 pandemic, magnified shortcomings in cybersecurity controls and operations. As companies now begin to contemplate a return to work, they will need to reconsider their security practices to protect operations and employees that may work from a central office, home, or a blend of the two.
Knowing from where and when employees are working is essential to monitoring and protecting the company’s stakeholders, network, and assets. Whether operating from an office or at home, employees must be trained and regularly reminded of security best practices, risk-mitigating behaviors, and incident response protocols. For those working from a centralized office, health related protocols and incident management should be designed, tested, and incorporated. This training should also be extended to third parties or other service providers.
With workers operating from company-owned or, in some cases, personal devices, an enterprise-wide incident management tool and training on its usage can keep your organization safe and minimize damage from incidents. Given increasingly flexible work arrangements, centralized reporting and automated workflows ensure that all relevant parties or departments within the organization are informed so that risks can be reduced and incidents resolved in a timely manner.
Designate a Review Committee
Rapidly evolving markets, expanding work perimeters, and increasingly aggressive threat actors mean even the best informed incident response plans can be ineffective in mitigating losses. Periodic review and audit of incident response plans are essential given the changing nature of work, heightened regulatory security, and increased data privacy requirements.
Collaborative review of security and incident response plans and workflows by a committee of stakeholders from different departments can optimize organizational awareness and response, while also highlighting vulnerabilities, bottlenecks, and inadequate compliance. Discussion of new or evolving trends can better prepare the organization to manage impending threats.
LogicGate Can Help
LogicGate's Incident Management Application helps you automate and adapt incident risk processes to your organization’s needs, allowing you to modify the rules and logic that drives the process. With an interactive Incident Response Plan, your organization can manage the risks of a rapidly changing work environment.