Understanding Incident Management: Your Cyber Safety Net

The importance of safeguarding your organisation’s assets, brand, and reputation against cyber threats cannot be overstated. As the saying goes, “prevention is always cheaper than the cure”, but what about when the worst has already happened?

This month we are focusing on Incident Response, which is often shortened to IR and is a part of Incident Management. We’re deep diving into IR services, and why all organisations need access to IR expertise and support. Discover how to contain and put out the fires that cyber incidents inevitably create with practical strategies for strengthening your organisation’s cyber safety net.

What is Incident Response?

Incident response is a structured approach to addressing and managing the immediate aftermath of a cyber attack or data breach. The incident response process often involves various stages including detection, containment, eradication, remediation, recovery, and lessons learned.

10 Steps to Cyber Security

Incident Management

Jonathon Hope, Senior Technology Evangelist at Sophos, joins the 10 Steps to Cyber Security Series for a deep dive into incident management and how organisations can better prepare for cyber incidents. They cover:
  • What incident management is and why it is important
  • Incident management in practice: protecting your data and securing your organisation

Incident Response Retainers: Are They Really Necessary?

Incident response retainer services offer organisations proactive support and expertise in handling cyber incidents effectively. These retainer services provide organisations with access to a team of dedicated cyber security professionals who can rapidly respond to incidents when needed. These experts conduct forensic investigations, compromise assessments, and other critical tasks to minimise potential damage and mitigate risks. Additionally, they may offer guidance on handling fallout and media coverage of incidents, ensuring that organisations maintain transparency and effectively manage public perception.

While incident response retainers may initially seem like an additional expense burdening already stringent budgets, their value cannot be overstated. In fact, investing in an incident response retainer can potentially save organisations from incurring staggering costs in the aftermath of a cyber attack.

The reality is that cyber threats are becoming increasingly sophisticated and pervasive, making it not a matter of if, but when, an organisation will face a cyber incident. When such incidents occur, the financial and reputational consequences can be devastating. From the costs associated with downtime, data loss, and recovery efforts to the damage inflicted on brand reputation and customer trust, the fallout of a cyber-attack can be significant.

Furthermore, as we touched on in our Reducing Your Cyber Insurance Premiums blog, having an incident response retainer in place can also demonstrate to cyber insurance providers that the organisation is taking proactive steps to manage and mitigate cyber risks, potentially leading to reduced insurance premiums. In essence, incident response retainers serve as a crucial safety net, offering peace of mind and financial protection in the face of evolving cyber threats.

Fail to Prepare; Prepare to Fail

Real-world incidents serve as poignant reminders of the critical importance of robust incident response capabilities. Take, for instance, the notorious NotPetya cyber-attack on Maersk in 2017. Detailed in The Daily Swig, this incident underscored the need for resilience and preparedness in mitigating the impact of cyber threats.

Furthermore, insights from Ship Technology shed light on the vulnerabilities exposed by the Maersk cyber-attack. A study by Futurenautics revealed that 44% of ship operators at the time did not believe that their companies’ cyber security defence capabilities were sufficient to repel cyber-attacks, and that 39% had experienced a cyber-attack in the last 12 months. These findings emphasised the urgent need for under-prepared industries to fortify their cyber security posture and adapt to the ever-changing threat landscape.

It was not just the maritime industry that demonstrated the need for industry-wide incident response readiness. In the same year as the Maersk incident, the infamous WannaCry ransomware attack wreaked havoc on various organisations around the world, particularly the National Health Service (NHS). The WannaCry attack exploited vulnerabilities in outdated software systems, leading to widespread disruption of NHS services, including cancelled appointments, delayed surgeries, and compromised patient care. According to a “Lessons Learned” report by NHS England following the incident, the attack led to the disruption of services in one third of hospital trusts in England, with 80 out of 236 trusts affected.

A recent report by Phoenix Software and the National Housing Federation (NHF) titled “The State of Cyber Security in Housing 2023” found that just 4% of UK housing associations feel the sector is fully prepared for a ransomware attack.

It’s not just specific industries that are underprepared: research found that 73% of surveyed organisations across the U.S., EMEA and APAC countries suffered a ransomware attack in 2022, with 38% being attacked more than once (source: PR Newswire).

Facing a rapidly changing threat landscape, with ransomware attacks becoming more advanced and frequent, the emergence of AI in cyber attacks, geo-political tensions and increasing concerns about threats to national infrastructure, organisations across all sectors must take proactive steps to enhance their incident response capabilities. Initiatives like Red Teaming and Penetration Testing offer valuable opportunities for organisations to test and refine their incident response procedures through simulated scenarios, ensuring readiness to effectively mitigate cyber attacks.

Leveraging specialised incident response services, from providers like Sophos, can provide organisations with expert guidance and support in navigating cyber incidents. By investing in comprehensive incident response solutions, regularly revising incident response plans, and actively participating in training and exercises, organisations can bolster their resilience against cyber threats and minimise the potential impact of security incidents.
