CBI Blog Incident Response

Why an Incident Response Program Can Save Your Business


Any organization, regardless of how much it prepares, can still fall victim to an attack. How that organization responds to a cyber-attack can be the difference between losing minimal business productivity and money and sacrificing millions of dollars in revenue and lost time.

Incident response as a service can define the scope of that damage, and help make it manageable. First, let’s go through what types of attacks can warrant this organization-saving service.

Types of Attacks

APT

Short for Advanced Persistent Threats, these are network attacks centered on an unauthorized person gaining access to a network completely undetected, with the goal of collecting as much data about the organization as possible. Over the years, these attacks have become more and more sophisticated. Many well-known attacks, including Titan Rain (2003) and Deep Panda (2015), were state-led. APT attacks can severely damage an organization if intellectual property is stolen.

0-Day Vulnerability

These are exploits in the wild that are unknown to the software vendor or organization. Vendors scramble to fix these vulnerabilities once they are made aware of them. Hackers can take advantage of this security gap by writing an exploit to damage your organization.

User Deception: Social Engineering, Phishing, and Malicious Insiders

All three of these attack forms use some technique involving deception to manipulate a user into either providing confidential information or allowing a malicious person to gain access to the network. According to the 2017 Symantec Internet Security Threat Report, 1 in every 2,596 emails contained a phishing attack.

Malware

In 2016, there were more than 357 million malware variants associated with email phishing attacks. To simplify things, malware is a form of software that is intended to damage or cripple your operating system or network. Coming in an infinite number of forms, malware continues to evolve as the threat landscape becomes more advanced and complicated. Every day more variants of malware are created, especially for verticals with plenty of focus, including the cloud, mobile, and the Internet of Things.

Things Can, and Will Go Wrong

Besides the constant threat to your network, other elements of your network can suddenly go downhill as well. Human error, system malfunction, and theft are three other situations in which incident response and readiness are crucial to putting your organization back on track. All three missteps are unexpected, unwarranted, and uncommon, but if one happens you need an action plan to restore what’s been lost.

The Impact These Attacks Can Have on Your Business

A well-executed cyber-attack can damage several facets within your organization.

Financial

The global cost to companies due to cyber criminals continues to increase year over year. According to CNBC, cybercrime cost the global economy more than $450 billion in 2016. Only 47% of those companies were remotely prepared to field some form of an attack. The average cost per record breached was a cool $158. Incident response teams can decrease the overall cost of a breach by using SIEM and encryption extensively in the event of a breach.

Intellectual Property

Company data is always at risk. If an attack is executed properly, your IP can be stolen and sold off or utilized by the intruding party. No business is too small to be affected by a strategy like this; whether you store credit card information or have confidential engineering blueprints, protection is crucial.

Reputation

We’ve seen it happen time and time again. Large enterprises like Target, Walmart, Best Buy and public universities like UCLA and Michigan State University have been compromised in past attacks. This creates conversations in the press and among the public that can undermine trust in your organization. Controlling the damage with a correct incident response plan can soften the blow to your company’s reputation.

How CBI’s Incident Response Program Can Help

We have a proven track record working with customers to control and remediate critical incidents that have jeopardized their business. CBI has comprehensive expertise to deal with traditional threats like ransomware, in addition to more advanced and sophisticated threats. Our team combines the skills they have developed with cutting-edge security tools, both commercial and open source, to quickly control the incident, remediate the threat, and provide recommendations that outline what steps can be taken to minimize the risk from future incidents.

Compliance

At the start of an incident response program, making sure your organization is compliant is important to control the current situation and prevent future attacks and hindrances of business. We have experts who can talk to all elements of PCI-DSS and HIPAA compliance to ensure you’re up to date on the most recent mandates.

Cost Savings

Implementing a comprehensive IR plan can save your enterprise thousands, if not millions, of dollars in the long run. CBI’s Incident Response program will cost a sliver of what your organization could pay over an extended period of lost business, future breaches, and delays in fully restoring your network and its function.

Contain, Collect, Communicate, Correlate

First, CBI’s experts contain the recent incident to stop it from spreading or wreaking any more havoc within your network and organization. Once it’s contained, our job is to collect as much data as possible about how this event occurred: what was the source of the attack, what data was lost, what vulnerabilities were exploited, and so on. Communicating all our findings to you and your organization is our biggest priority in this process. This open line of communication moves us into a situation where we can correlate how this event occurred at every step, which will lead to us helping you ensure an attack does not happen in the future.

Preparation for the Future

We will help you be prepared for the future within your threat landscape. Testing the environment often and practicing using various tools will streamline this recovery process and prepare your organization for the future. Sharing knowledge using threat intelligence, the information sharing and analysis centers (per industry), and utilizing a CBI run/play book will comprehensively place a plan in front of your team for the next time your organization could be compromised. On top of that, an IR Retainer can set your organization up for success in preparation for a breach. The IR Retainer has amazing value, cuts down response time from both your organization and CBI, and can be structured in various ways that are agreed upon. Reach out to us if you have any questions about our Incident Response program and how it can benefit, or even save, your business during a cyber-attack.


Eric Randle

Eric is one of CBI’s senior penetration testers with more than 10 years of experience. Utilizing his background in IT auditing and web application security, Eric is extremely advanced in knowledge regarding penetration testing, identifying security threats and issues, and incident response. Eric excels in services that can save an organization from huge security issues that can damage their environment.