Cyber-attacks in organizations have become the growing trend across industries, challenging people, processes, and technologies day-by-day. Over the past few decades, corporate networks have gone from minimal sharing to data overload due to the sheer volumes being transmitted across the globe. Hackers are presented with numerous opportunities to steal sensitive data and the investigators are having hard time cracking down and defending against advanced persistent threats.
Incident Response Planning can help organizations combat cyber threats and, in this article, we are going to see some key security strategies used by companies globally, a brief overview of key vulnerabilities growing in the market – be it a security incident or a data breach, how can some of the key steps taken by the organizations reduce the vulnerabilities handle breaches effectively.
An effective incidence response plan is designed to prevent security incidents/breaches and takes all phases of an invasion into consideration. There are specific areas within each area of planning that have to be addressed and the key phases are preparation, identification, containment, eradication, recovery, and lessons learned.
Some of the key incident response planning features are –
- Keeping incident response plans short and sweet (make them easy to grasp for all employees)
- Making a profile of cyber adversaries and know who are being targeted
- What key steps to take immediately when an attack occurs?
- Review how well they work and test plans periodically for maximum effectiveness
Best Practices recommended by Security Experts
- Implement an Awareness and Training Program – End-users are top targets, so everyone in your organization needs to be aware of the threat of ransomware and how it’s delivered.
- Scan and filter all incoming and outgoing emails – Use content scanning and email filtering to detect threats before they reach end users.
- Enable strong Spam Filters – This is to prevent phishing emails from reaching end users.
- Configure Firewalls – This allows authorized users to access data, while blocking access to known malicious IP addresses
- Logically separate Networks – This helps prevent the spread of malware. If every user and server is on the same network, the most recent variants can spread.
- Use the principle of least privilege to manage accounts – Users should not be assigned administrative access unless absolutely needed
- Use Application control on critical systems – Default-deny policy for non-approved programs and scripts to stop ransomware before it can access your critical assets.
- Patch Operating systems, Software, and firmware on devices. Consider using a centralized patch-management system.
- Back up data regularly – Verify the integrity of those backups and test the restoration process to ensure it’s working
- Secure your offline backups – Ensure backups are not connected permanently to the computers and networks they are backing up
- Conduct an Annual Penetration test and Vulnerability assessment
Conclusion
The goal of cyber security planning and execution is to minimize the risk of future security breaches and ensure data is well protected inside organizations. A coordinated, comprehensive, and well-planned best practices of security measures is a good start for companies which are preparing for cyber security incidents/attacks that are emerging lately. What worked in the previous years may not work for today’s threat. Therefore, robust planning is a constant, evolving and ongoing process.
About the Author –
Kavitha Srinivasulu
Kavitha has 18+ years of experience focused on CyberSecurity, Data Privacy, Business Resilience, Security Assurance and Vendor/3rd party Risk Management across Healthcare, Financial Services, Telecom, IT Services and Product Corporates.
She is a natural leader with versatility to negotiate and influence at all levels. Kavitha is self-driven and is willing to learn from everything life has to offer.
Back to blogsSHARE
