Understanding the Stages of Incident Response in the Cybercrime Era

Cybersecurity threats are coming at organizations from everywhere. Lately, ransomware has been headline news as JBS, the largest global beef supplier, paid $11 million to the Russian hacker group REvil after they breached the company’s networks. Unfortunately, ransomware attacks are becoming even more sophisticated. Some recent attacks find their way into networks and exfiltrate the data, essentially stealing it, then threatening to either sell it on the dark web or publish it elsewhere unless the victim pays the ransom.

Hackers are even finding ways to get to your backups once they gain access to your network. If that happens and they delete your backups, it doesn’t matter whether the backups are on-premises or in the cloud—they are gone. And paying the ransom is no guarantee that you’ll get your data back. But now, there’s an even more significant threat that has come into play: jackware. Jackware hijacks the actual physical devices—from embedded internet of things (IoT) devices to smartphones—core to our everyday lives. Think everything from your car’s navigational system to your company’s physical security hardware and software. Quest’s cybersecurity team thinks jackware could have an impact up to ten times greater than current ransomware threats.

Whether it’s ransomware or another form of malware, any breach can cause severe damage to your organization. The Ponemon Institute says the average total cost of a data breach in the U.S. was $8.64 million in 2020.

Ramp up your cybersecurity defenses and data protections

How you respond to an incident can mean the difference between staying in business or shutting your doors. But before you even worry about emergency incident response, you need to be as prepared as possible for whatever cyber threats may come your way. That should start with understanding the new rules for cybersecurity and how to shore up your cyber defenses. Having a solid data backup and disaster recovery plan in place is also a high priority. And it should include frequent backups that take immutable snapshots of your data, since immutable backups cannot be altered or deleted.

Prepare your emergency incident response plan

At the same time, you need to create an incident response plan that details how you’ll get your organization moving again if your worst fears come true. Put a plan in place that defines the stages of incident response so you can respond faster and minimize the damage that occurs. As you develop your plan, it’s essential that you are aware of three core remediation stages: isolate, identify, and recover.

A major enemy of effective emergency incident response is time. Every minute a hacker is on your network is another minute during which they can do more damage. So, the first stage is to isolate your networks and take vulnerable systems offline. Next, it’s crucial to identify the threat so you can understand how to counteract it. In the final stage, when the threat is eradicated, your systems can be restored.

Identify your critical systems and services

The first step in developing your incident response plan is understanding what systems and services matter most to your organization. What systems should be brought back online first? What is the order for restoring other systems? And you need to know who is responsible for these systems because you’ll want to get that person involved and accessible at a moment’s notice if disaster does strike. Include the location of license keys, installation media, support contracts, and anything else you need to ensure a smooth recovery.

It’s also important to understand how your systems and services fit in with your overall disaster recovery plan. A model of your infrastructure terrain is a helpful tool for aiding recovery.
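One way to turn the inventory described above into a restore order is sketched below. This is an added example, not Quest's tooling: the system names, owners, storage locations and the tier field are all hypothetical, and grouping systems into dependency "waves" is an assumption about how the ordering is modelled.

```python
from graphlib import TopologicalSorter  # Python 3.9+

# Details the plan should record for every system (taken from the text above).
REQUIRED = ("owner", "license_keys", "install_media", "support_contract")

def system(tier, owner, depends_on, license_keys, install_media, support_contract):
    """One inventory record; tier 1 is the most business-critical."""
    return dict(tier=tier, owner=owner, depends_on=depends_on,
                license_keys=license_keys, install_media=install_media,
                support_contract=support_contract)

# Constructed sample inventory: every name, owner and location is hypothetical.
INVENTORY = {
    "dns": system(1, "netops-oncall", [], "vault:it/dns", "nas:/media/dns", "contract-A"),
    "backup_server": system(1, "infra-oncall", [], "vault:it/bkp", "nas:/media/bkp", "contract-B"),
    "identity": system(1, "iam-oncall", ["dns"], "vault:it/iam", "nas:/media/iam", "contract-C"),
    "database": system(2, "dba-oncall", ["identity", "backup_server"],
                       "vault:it/db", "nas:/media/db", "contract-D"),
    "erp_app": system(2, "apps-oncall", ["database", "identity"],
                      "vault:it/erp", "nas:/media/erp", "contract-E"),
    # Deliberately incomplete record: no owner, no license key location.
    "file_share": system(3, "", ["identity"], None, "nas:/media/fs", "contract-F"),
}

def missing_fields(inventory):
    """Return {system: [missing required fields]} so gaps are closed before an incident."""
    gaps = {}
    for name, rec in inventory.items():
        absent = [field for field in REQUIRED if not rec.get(field)]
        if absent:
            gaps[name] = absent
    return gaps

def restore_waves(inventory):
    """Group systems into restore waves. Everything a system depends on sits in an
    earlier wave; inside a wave, lower tier numbers come first."""
    known = set(inventory)
    unknown = {d for rec in inventory.values() for d in rec["depends_on"]} - known
    if unknown:
        raise ValueError(f"dependencies missing from inventory: {sorted(unknown)}")
    sorter = TopologicalSorter({n: rec["depends_on"] for n, rec in inventory.items()})
    sorter.prepare()  # raises graphlib.CycleError (a ValueError) on circular dependencies
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready(), key=lambda n: (inventory[n]["tier"], n))
        waves.append(ready)
        sorter.done(*ready)
    return waves
```

Running `missing_fields` as part of routine plan reviews surfaces records with no named owner or license key location while there is still time to fix them.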

Add next-level emergency incident response

Understanding the three stages of emergency incident response—isolate, identify, and recover—gives you a solid foundation for building your plan. It’s also worth considering bringing on a 24/7 cybersecurity incident response service. That high level of support ensures an immediate, effective, and skillful response to any unexpected event involving your systems, networks, or databases. And consider holding a cybersecurity workshop so you can be completely confident in the strength of your defenses.

Finally, while all these steps can help you respond more quickly and efficiently, it is worth looking at cybersecurity insurance as part of your plan. That way, if all else fails, you’ll be able to contain your losses to a tolerable degree.

I hope this post has shed some light on emergency incident response and been a worthwhile use of your time.

Thank you for trusting us to help with your cybersecurity needs. Contact us any time—we’re always happy to help.

Jon

Meet the Author
Jon Bolden is Quest's Certified Information Systems Security Officer