CSO’s Incident Response Survival Guide

Dec 02, 2014 | 6 mins
Advanced Persistent Threats, Data Breach

Everything you need to know to plan, detect, and successfully respond to data breaches

If there’s anything that has been proven in the past handful of years in information security, it’s that despite all of the talk and all of the spending on defensive technologies, from anti-malware to security event and information management systems, it’s just not realistic for any organization to be able to block all serious attacks.

No one would argue that preventing attacks isn’t ideal, but that’s just not the reality we face. The reality is that most organizations will be breached at some point. As a result, most organizations need to better prepare for how they will identify and respond to attacks as they are underway.

That thought certainly matches anecdotal evidence from the number of organizations that have been breached at the same time they were also compliant with government or industry security regulations, such as PCI DSS. Also, according to the 2013 Verizon Data Breach Investigation Report, 66 percent of breaches in the past year took at least months, if not years, to be identified. That 66 percent figure is up from 55 percent in 2011 and 41 percent in 2010.

As Dan Polly, IT security officer at First Financial Bank, said to me in my story from last year, “Beyond breach prevention: The need for adequate response,” there are steep hurdles defenders face when it comes to keeping systems secure. “It’s interesting to look at malware over the last several years, and how very humbling it is when one considers the small amount of resources attackers must put into place to reach their objectives, against the rather sizable amount of resources defenders must have in place. It’s an incredibly asymmetrical situation,” Polly said at the time.

It’s still true this year, and will be true for many more years to come. It’s why the data security incident response market is set to boom. According to market research firm ABI Research, the incident response market is expected to grow to an estimated $14.79 billion by 2017, up from $6 billion in 2012.

It’s also why we compiled this Incident Response Survival Guide, which is a listing of the best CSOonline articles about the need for incident response, effective threat modeling, incident response planning, and detection and response.

The Need for Effective Incident Response

The cost of cyber security breaches is high. And many of those costs are associated with not understanding the challenge, or understanding why effective response is so important to keeping costs and risks low.

Nearly a billion records were compromised in 2014

In the first nine months of 2014, after 1,922 confirmed incidents, criminals managed to compromise 904 million records. Many of the incidents reported in 2014 were record-setting, including twenty of them that resulted in the compromise of more than a million records each.

Beyond breach prevention: The need for adequate response

As threats have evolved, more enterprises are struggling with quickly finding malware that has infected their systems

RSAC 2014: Experts discuss the harsh realities of Incident Response

How well is incident response working for corporations affected by security incidents? A panel at RSA says there is still a lot of work to be done.

It’s Not Easy Being Breached: Calculating the Cost of a Cybersecurity Breach

Surviving an information security incident is just the beginning. Then you need to figure out what it really cost.

Threat Modeling: A Precursor to Effective Planning

When it comes to building an effective incident response plan, the best organizations identify the types of attackers that will target their organization, their motivation, and the type of data they will target.

CSO’s guide to Advanced Persistent Threats

In this series of articles, we examine the processes, tools, and methods used by criminals during a targeted attack.

What kind of target are you?

Some attackers want money or data, while others hope to make you look bad. What do you have that might put you on a hacker’s hit list?

Can threat modeling keep security a step ahead of the risks?

CSOs need to more precisely understand the actual threats facing their organization. The fix? Threat modeling.

Decoding threat intelligence

One mistake in understanding the nature of the threats to your enterprise can have dire consequences, says Accuvant’s Jason Clark.

Effective Incident Response Planning

There is no way to effectively respond to a breach without having a plan in place. These articles show you how.

Incident response plans badly lacking, experts say

The Gawker Media breach goes to show that the time to put a security incident response plan in place isn’t in the heat of the action.

Fatal half-measures in incident response

It’s not a matter of if, but when, you are breached. So what’s your plan?

What CIOs can learn from the biggest data breaches

A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead of hackers.

6 tips for effective security tabletop testing

What are the best practices for using security tabletop exercises? We asked some security executives to weigh in on the topic and here are a few of their suggestions.

Breach blanket: To contain the damage, plan ahead – way ahead

Data breaches are a fact of life. But the damage from a breach doesn’t have to be catastrophic, if an incident response team is prepared. To be prepared, however, takes rigorous planning.

Major companies, like Target, often fail to act on malware alerts

Target paid the price for its apparent failure; other big firms follow the same pattern and could face the same fate, analysts say.

To Detect and Respond

Detect breaches more swiftly, and respond more intelligently and effectively. This collection discusses the importance of detection and response, and how to act in times of crisis.

Detect and respond: How organizations are fighting off targeted attacks faster

With targeted attacks constantly finding new ways to break in, enterprises are seeking new ways to rapidly detect and respond to the rising threat.

Positioning your institution’s response in the face of data breach

Data breaches are going to happen. The important part, says ACI Worldwide’s Seth Ruden, is how an association chooses to handle them.

Caught in the breach: How a good CSO confronts inevitable bad news

There are ways to make it much more difficult for attackers to breach an organization. But some breaches are inevitable. The mindset of a good CSO must be on how to detect and respond quickly, to limit the damage once the inevitable has occurred.

Understanding incident response: 5 tips to make IR work for you

Incident response is a plan that evolves over time to keep your organization best prepared against likely threats. CSO talked to industry experts at Black Hat about the ups and downs of IR, and how to develop a plan that’s right for you.