Imagine the following scenario: you arrive early to work in the morning, plop down at your desk with coffee in hand, and log in to your computer. You’re excited to start working on a big project, but first you are greeted with this message:

Quickly, you dash over to a colleagues’ desk. They too, have the same message on their desk. You try dialing your IT department, but they don’t start until normal business hours.

What do you do? Where do you even start?

It’s easy to think that the above scenario would never happen to you. In reality, a 2020 survey of 600 businesses in the United States revealed that a staggering 78% had been infected with ransomware that year. The average cost of recovering from a ransomware attack has spiked to $1.85 million in 2021!

Ransomware isn’t the only threat to your business continuity. In February 2021, the state of Texas suffered massive power outages due to a severe winter storm. At least 151 people died as a result. Property damage has been estimated at more than $195 billion.

What do these scenarios have in common? They demonstrate the need to prepare for the worst; this is the essence of Incident Response.

What is Incident Response anyway?

Every organization needs to have an Incident Response Plan (IRP). The team that executes the IRP is the Computer Incident Response Team (CIRT). The most important feature of both the IRP and CIRT is that they are clearly defined before the incident takes place! Disaster recovery is hardest when preparation is lacking.

The Incident Response Plan details who does what if an incident does happen. This can include using alternate systems, notifying stakeholders, or restoring from backups.

Perhaps the most important part of the Incident Response Plan is the postmortem. Now that you’ve recovered, what will you do in order to ensure that attackers won’t attack again using the exact same methods? The Incident Response Team will identify what door the attackers used to get in and make sure it stays shut.

Why do I need Incident Response?

I’m so glad you asked. Here’s three reasons why you need Incident Response for your organization:

1.     The probability of an incident has never been higher.

Ransomware is pervasive. At this point, we need to ask ourselves not “will I get breached?” but “when will I get breached?”

A proper defense has multiple layers. Having a fence around your house is nice, but you’ll still have homeowners’ insurance. Incident Response is a way to mitigate the risks of ransomware that we can’t avoid.

2.     The cost of an incident has never been higher.

How much would it cost to replace your entire infrastructure? The nasty aspect of ransomware is that, in some cases, the only way to ensure that the attackers have been completely removed from your environment is to start from scratch. This means replacing every workstation and server in your organization.

Sometimes, there simply isn’t a price to pay; there may not even be new hardware available to purchase with a global silicon chip shortage.

3.     You can’t afford not to.

Every business owes itself to do a risk analysis of a ransomware attack. What would be the cost of not doing business for an hour? A day? A week? You will find that incident response is a necessary piece of the plan for protecting your assets and business continuity.

CyberSecOp is a leader in the Incident Response field. CyberSecOp consultants are cyber incident response subject matter experts who have collaborated on numerous security projects and operational improvement initiatives. We will support your security operational activities by helping to develop an incident response plan and work with your IT team to mitigate any potential risk. Our teams will create investigative processes and playbooks. In addition, we will be responsible for continuously identifying gaps and managing the improvements in the security response process, technologies, and monitoring. Working closely with internal architecture, engineering, and project management teams will ensure cyber-defense requirements are identified and communicated early in the project life cycle.

Security incident response services with CyberSecOp

• Support cyber incident response actions to ensure proper assessment, containment, mitigation, and documentation

• Support cyber investigations for large- and small-scale security incident breaches

• Review and analyze cyber threats and provide SME support

• Interact and assist other investigative teams within on time sensitive, critical investigations

• Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents

• Manage the security monitoring enrollment process to ensure adequate coverage and effectiveness of all new and existing cloud- and on-premise-based applications, services and platforms

• Maintain detailed tracking plan of all internal/external enrollment outcomes/recommendations and provide support through to implementation

• Act as a liaison between cyber-defense, engineering, security architecture, network & system operations, and functional project teams to ensure effective project implementation that meets incident response requirements

• Define baseline security monitoring requirements for all new projects, services, and applications joining your organization's network

• Facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting

 Don’t delay in ensuring that your business can survive any threat. Join CyberSecOp on your journey towards a safe and protected future.

Author: Josh Cabrera