Incident Response Plans: A Tool in Your Arsenal Against Cyberattacks

Currently Being Edited - Check Back for Updates!

Malware. Ransomware. Phishing. DDoS. Insider Threat. Zero-Day Exploit. The number of cybersecurity attack incidents continues to increase exponentially.

During the third quarter of 2022, internet users worldwide saw approximately 15 million data breaches, up 167% compared to the previous quarter. Small to medium-sized businesses were the likely targets, as these companies are three times more likely to be attacked by cyber-criminals than large businesses and corporations.

These attacks have the potential for costly disruptions to operations and the loss of critical information and data. A former executive at a U.S.-based manufacturing company hit by a ransomware attack equated it to being “punched in the stomach and losing all the air in your diaphragm, and about four weeks later, learning how to breath again."

The repercussions of an attack on a business can be strong, long-lasting and expensive. A quick and clean resolution is often unrealistic. Authorities discourage businesses from paying a ransom as it can encourage further hacks and enrich cybercriminals. But some companies opt to pay off their attackers to stay in business.

In recent cases:

•  A May 2021 ransomware attack on Colonial Pipeline forced the fuel pipeline operator to shut down for days. A $4.4 million ransom was paid to resume operations, and to get fuel shipments moving to the East Coast. The Justice Department later recovered almost half that money from the hackers.
• An April 2021 ransomware attack on a U.S.-based manufacturer affected. A $200,000+ ransom was paid to cyberthieves. Business operations resumed after all hardware and software was replaced.
• On September 5, 2022, the Los Angeles Unified School District, one of the largest school districts in the U.S., announced late that it had been hit by ransomware. It was recently revealed that hackers leaked 500GB during the ransomware attack and is deemed the largest education breach in recent years. Thus far the school district has not paid any ransom, with computers and assets in the hands of authorities.
• In 2021, a Texas school district paid more than half a million dollars in ransom to restore access to its system and prevent the posting of sensitive data online.

Which Response is the Correct Response?

The answer lies in the company's Incident Response Plan. According to DataSure24’s Chief Technology Officer Mark Musone, there is a huge gap in the knowledge of what to do when an intrusion occurs. That’s why it’s important for companies to work with cybersecurity professionals like DataSure24 when developing and implementing an Incident Response Plan. These companies can help ensure you have "all your ducks in a row".

According to the National Institute of Standards and Technology, an Incident Response Plan:

• Outlines how to minimize the duration and damage of security incidents
• Identifies stakeholders
• Streamlines digital forensics
• Improves recovery time
• Reduces negative publicity and customer turnover.

Incident response methodologies typically emphasize preparation—not only establishing an incident response capability so that the organization is ready to respond to incidents, but also preventing incidents by ensuring that systems, networks, and applications are sufficiently secure. Although the incident response team is not typically responsible for incident prevention, it is fundamental to the success of incident response programs.

An Incident Response Plan should address ALL possible scenarios in response to a successful cyberattack.

For example:

• What data and/or systems are affected?
• Who is the first person to call?
• How do I communicate if I don't have access to my files?
• How can I access my data?
• Is there a back-up system that's not connected to the internet?
• How do I run the business, keep operations going?
• What information do I need to keep a hard copy of in my file cabinet?

While it's impossible to remove all security issues, an effective Incident Response Plan can mitigate the largest cybersecurity threats. Despite another record year of breaches—15 million data breaches between July–September 2022 alone—including Solar Winds, Colonial Pipeline and others, however, half of U.S. businesses still have not put a cybersecurity risk plan in place. 

Cybersecurity should always be a business priority. Unprepared organizations will become easy targets for cyberattacks. Now is the time to learn the potential cybersecurity risks for your business, and build a complete cybersecurity plan.

Does your company have the right cybersecurity plan in place? Contact us for more information on how our customizable services may help protect your business.

Posted by Katie Cassens