What's Your Incident Response Plan?

Ale Espinosa

We keep rainy day funds. Our cars all have a spare tire. We buy life, car, and home insurance. We organize fire drills and have earthquake emergency kits. We understand that life may go awry at times, and have made investments and plans to help us limit, escape, or better endure the damage when things don’t go as planned.

As perimeter security technologies become insufficient for the detection of advanced threats like rootkits, polymorphic worms, insider attacks, and zero-day malware, your incident response plan will work as the “rainy day fund” or “fire drill” of your cybersecurity efforts in the event of a breach. But, despite the vast amount of data on the growing number of cyber-attacks occurring each day – Guidance Software estimates it at half a million for government agencies and Fortune 500 companies – many organizations have yet to create and put in place a formal incident response plan.

Truth is, your organization is more likely to be the victim of at least one security breach over the next year than you are to deplete your rainy day fund, submit an insurance claim, escape a burning or collapsed building, or use your car’s spare tire during the same period of time. Your incident response plan, as well as your investment in remediation software, will see more use in a year than your own personal “rainy day” investments.

Just last week, research firm Forrester released a report on the Total Economic Impact of EnCase Cybersecurity for Incident Response. The study revealed that an investment in EnCase Cybersecurity, our incident response and sensitive data auditing software, will pay for itself in just over four months. Using a Guidance Software client and EnCase Cybersecurity user as the subject of the study, Forrester investigated the benefits, costs, and return on investment experienced by the client, a global automobile manufacturer. Forrester confirmed the findings and determined that EnCase Cybersecurity users should expect a 388% return on their investment.

The study also revealed additional verified benefits of using EnCase Cybersecurity, including an 89% reduction in time to validate and triage threats, a 90% reduction in time to remediate breaches, and a 98% reduction in server downtime and associated impact to the business.

If your organization isn’t prepared to properly deal with the unavoidable threat of a security breach, you should consider preparing immediately. Your incident response plan should include:
  • The steps your team must follow once a threat alert is received – from initial response, to investigation, remediation, and recovery
  • A description of the tools you have in place for incident response, remediation, and data auditing
  • A system to categorize the threat level of the incident to help you in prioritizing threats
  • A list of key stakeholders in the incident response process
  • Requirements for the reporting of an incident
  • An escalation process
  • How and when to handle press relations and communication with law enforcement, if needed

What best practices has your organization implemented to respond to and remediate cyber breaches? Drop us a line in the Comments box!

To download Forrester’s Total Economic Impact of EnCase Cybersecurity for Incident Response, please visit http://www.encase.com/TEIreport.
