Expect a Breach and Be Prepared to Respond with an Incident Response Plan

Posted on March 2, 2015 by ashley


In today’s cybersecurity landscape, organizations now realize that the question of “if” they will be targeted by a cyber attack is no longer valid; they should be asking themselves “when” it will happen and if they are prepared. Cyber criminals, driven by various motives, continue to develop highly focused attacks to steal an organization’s valuable intellectual property as well as customer, partner and employee data. When attackers have the right resources (excess time and money), even the largest organizations are at risk, as we have seen in recent news. Today’s attackers are skilled, well-funded, patient and targeted, and they carefully cover their tracks when gaming a system.

The average cost of a data breach is $3.5 million, up 15% from 2013. The cost of each lost record averages $136, up 9% from 2013. Source: Ponemon Institute



It isn’t reasonable to think that every cyber attack can be prevented, but it is reasonable for those who have a stake in your company to expect you to have plans for breach prevention and incident response. If your organization is unable to adequately contain a breach and handle the aftermath, you could lose millions or your business itself.

Nortel Networks: ZDNet reported that alleged Chinese attackers compromised the company for almost a decade. In four years’ time, Nortel finally detected the breach but then failed to follow a recommendation given by a consultant, which led to a filing for bankruptcy protection six years later.

Target: A US Senate report on the breach states, “Target missed information provided by its anti-intrusion software about the attacker’s escape plan, allowing attackers to steal as many as 110 million customer records.”

One unexpected result of the Target breach that experts can agree on is the new pressure on boards to engage in the protection of the company’s data and in its incident response plans. The proxy advisor Institutional Shareholder Services (ISS) recommended that seven out of ten board members step down, placing responsibility on the committees that were supposed to ensure proper risk management.

Sony Pictures Entertainment: This large-scale breach prevented the release of a film that cost $40 million to produce, and Wired Magazine reported that former employees are suing the company for failing to protect their personal data.

JPMorgan Chase: Bloomberg reported that JPMorgan Chase spent $250 million annually for cybersecurity but was unable to prevent the intrusion that led to the exposure of 76 million households’ data.



Compliance Corner: How Incident Response is Regulated Today

  • Almost every state requires breach notification, and lobbying efforts are under way to create a single US national standard on how organizations notify customers of a data breach.
  • The SEC has issued breach notification guidance for all publicly traded companies on US exchanges.
  • Some US federal laws, such as HITECH, require breach notification.
  • The PCI Data Security Standard provides very specific guidance on incident response.
  • The National Credit Union Administration (NCUA) has issued a new cybersecurity and incident response advisory stating that field staff will evaluate credit unions’ capacity to recover and resume operations in the event a security breach does occur.

Establish Your Incident Management Program

Once an attack has already occurred, it is too late to map out your response plan. Without a plan already in place, it is nearly impossible to contain or stop the breach while investigating and restoring IT services.

An effective incident management program must be ongoing and must enable you to identify risk. You can’t perceive the effort as just another regulatory obligation, because it can mean the difference between your organization’s recovery and future success or irreparable damage. Implement an ongoing program, define your procedures, test them, and train as many people inside and outside of IT as you can. Set a baseline today, lay out a roadmap for future improvement, and begin developing relationships with peers and other industry experts to share best practices.

Learn how one credit union leveraged cprlorca’s cloud-based software solution, TraceCSO, to create an incident response policy as well as leverage pre-built workflow, forms and testing capabilities that allowed the institution to prove their capacity to recover from a breach.
