Intelligent CISO Issue 16 - Page 67

decrypting myths

Five key factors for a robust incident response process

In the modern world, it’s agreed that it’s a case of ‘when’ cyberattackers come knocking, rather than ‘if’. So it’s crucial that CISOs and their teams have a robust procedure in place for when the worst happens. Amir Kanaan, Managing Director for META region at Kaspersky, details the key factors CISOs should consider when building an incident response process.

As attacks become more sophisticated and frequent, 83% of CISOs agree that cyberincidents within their companies are inevitable. So it comes as no surprise that the majority (76%) believe the speed and quality of incident response (IR) are the most important factors when measuring their performance. This means that heads of IT security departments are now focused not only on preventing attacks, but on identifying issues in time to minimise the damage.

IR is often misunderstood as jumping into the remediation phase when an incident happens. However, the IR process starts even before an attack has occurred and isn’t over when it stops. In general, IR consists of four stages. The first is preparation to ensure all responsible employees know how to act upon attack. The second phase involves incident detection. Next, an IR team should eliminate the attack and recover any affected systems. After an issue is resolved, the IR strategy should be reviewed based on this experience, to mitigate similar cases happening again.

While having IR as a process is a necessity, CISOs still face the dilemma of organising it. There are five factors IT security leaders should consider when choosing how to organise IR in their organisation:

Shortage of qualified professionals

These diversified activities call for different professionals. Unfortunately, these specialists are in short supply. According to Kaspersky’s survey, 43% of CISOs find it difficult to find a malware