In Depth

Incident Response: When Bad Things Happen to Good Companies

If you don't have a clear incident response plan in place, you risk losing millions of dollars.

By Simone Kaplan

May 01, 2003

CSO — Were there a computer Incident Hall of Fame, you could probably imagine strolling the halls and browsing through exhibits of history's most dynamic electronic viruses and worms—the villains whose names have sent shivers down the spine of any security expert equipped with a decent memory: The Morris Worm, Melissa, Nimda, Code Red, LoveLetter, Klez and, of course, the most recent inductee, SQL Slammer. You might also see some of the more notorious service outages, hacker penetrations, denials of service, malicious e-mail and Internet attacks on display. All have caused varying degrees of chaos, and some have even stopped businesses in their tracks, crippling productivity and costing millions of dollars in lost commerce.

And yet all could have been tamed. Had someone the foresight to put an incident response plan in place, those viruses and worms and outages and attacks might not be so infamous today.

Of course, such a place doesn't really exist, but the threat of cyberattacks does. And it's growing every day, due in part to the widespread use of e-mail and the Internet. According to statistics from Carnegie Mellon's CERT Coordination Center (CERT/CC), the number of reported cyberincidents has surged from only six in 1988 to a whopping 82,000 in 2002. Despite the rising threat, however, CERT/CC finds that most CSOs don't even think about their response to an incident until after they've experienced an intrusion of some sort, says Chad Dougherty, an Internet security analyst at CERT/CC. "That's because most companies feel relatively safe. They believe that the hackers won't target them, specifically," he says.

But they'd be wrong, says Dougherty. The majority of computer incidents are no longer focused on a particular company. "Most attacks now are automated," he says. "They spread with the intent to damage everyone and everything they can."

Clearly, it's time for CSOs to come to terms with the need for response planning. "For a long time, incident response meant having a loose team of people on call if something went wrong," says Gene Fredriksen, vice president of information security at Raymond James Financial. "Then companies started getting hit regularly, and I think CSOs are finally beginning to realize that incident response is not optional."

Not optional, but also not easy. Even a well-prepared CSO knows that an incident response plan can't keep his company completely safe from attack, even with the latest tools for intrusion detection. "There's just no such thing as zero risk," says Leslie Macartney, CISO for Reuters. "And you can't always predict the number, nature or severity of the attacks. But incident response plans are necessary because, in short, no matter how much you try, things will occasionally go wrong. Your company is at its greatest exposure in the time between when an incident occurs and when the containment actions are completed: that's when most of the damage occurs."
