Intelligent CISO Issue 52 - Page 38

FEATURE

As the size of supply chain ecosystems continues to increase, with BlueVoyant research indicating that the number of businesses reporting supply chains of more than 1,000 companies rose from 8% in 2020 to 43% in 2021, a proactive approach is crucial in ensuring all departments of all organisations in a supply chain are ready.

2. Identification
This is the detection of malicious activity. Whether based on security and monitoring tools, publicly available threat information, or insider information, an important part of identification is to collect and analyse as much data as possible about malicious activity. Incident response teams must also distinguish between benign activity and true malicious behaviour.
This requires a substantial effort in reviewing security alerts and determining whether alerts are ‘false positives’ — not real security incidents — or ‘true positives’, which indicate malicious activity.
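The triage step described above (sorting a stream of alerts into false positives, true positives and items that still need an analyst) can be partly automated by corroborating alerts across independent data sources. The following is an added example, not code from the article or from BlueVoyant; the alert records, the host names, the IP addresses and the allowlist are all constructed for illustration, and the thresholds (two independent sources inside a 30-minute window, or two failed logins followed by a success from the same address) are assumptions a real team would tune to its own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not from the article): each dict is one
# alert a SIEM might emit, already parsed into fields.
SAMPLE_ALERTS = [
    {"ts": "2024-03-01T09:00:00", "source": "ids", "type": "port_scan",
     "host": "web-01", "src_ip": "10.0.5.20"},            # authorised scanner
    {"ts": "2024-03-01T09:02:00", "source": "auth", "type": "failed_login",
     "host": "fin-07", "src_ip": "203.0.113.9", "user": "acct_pay"},
    {"ts": "2024-03-01T09:02:30", "source": "auth", "type": "failed_login",
     "host": "fin-07", "src_ip": "203.0.113.9", "user": "acct_pay"},
    {"ts": "2024-03-01T09:03:10", "source": "auth", "type": "login_success",
     "host": "fin-07", "src_ip": "203.0.113.9", "user": "acct_pay"},
    {"ts": "2024-03-01T09:05:00", "source": "edr", "type": "suspicious_process",
     "host": "fin-07", "src_ip": "203.0.113.9", "user": "acct_pay"},
    {"ts": "2024-03-01T09:40:00", "source": "auth", "type": "failed_login",
     "host": "hr-03", "src_ip": "10.0.8.4", "user": "jdoe"},
]

# Hypothetical allowlist: (src_ip, alert type) pairs an organisation has
# already investigated and documented as benign (e.g. its own scanner).
KNOWN_BENIGN = {("10.0.5.20", "port_scan")}

WINDOW = timedelta(minutes=30)  # assumed corroboration window


def _parse(ts):
    return datetime.fromisoformat(ts)


def triage(alerts, known_benign=KNOWN_BENIGN, window=WINDOW):
    """Group alerts by host and give each host a verdict plus the evidence.

    Verdicts:
      false_positive - every alert on the host matches the benign allowlist
      true_positive  - alerts from two or more independent sources inside
                       `window`, or a failed-login burst followed by success
      needs_review   - anything else (a single, uncorroborated alert)
    """
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)

    results = {}
    for host, items in by_host.items():
        items.sort(key=lambda a: _parse(a["ts"]))
        benign = [a for a in items if (a["src_ip"], a["type"]) in known_benign]
        if len(benign) == len(items):
            results[host] = {"verdict": "false_positive",
                             "evidence": ["all alerts match the benign allowlist"]}
            continue

        signal = [a for a in items if a not in benign]
        evidence = []

        # Corroboration: distinct sources (IDS, auth, EDR, ...) within the window.
        first, last = _parse(signal[0]["ts"]), _parse(signal[-1]["ts"])
        sources = {a["source"] for a in signal}
        if len(sources) >= 2 and last - first <= window:
            evidence.append(f"{len(sources)} independent sources within window: {sorted(sources)}")

        # Pattern: repeated failures then a success from the same address.
        fails = [a for a in signal if a["type"] == "failed_login"]
        for win in (a for a in signal if a["type"] == "login_success"):
            prior = [f for f in fails if f["src_ip"] == win["src_ip"]
                     and timedelta(0) <= _parse(win["ts"]) - _parse(f["ts"]) <= window]
            if len(prior) >= 2:
                evidence.append(f"{len(prior)} failed logins then success from {win['src_ip']}")

        verdict = "true_positive" if evidence else "needs_review"
        if verdict == "needs_review":
            evidence.append(f"uncorroborated alerts: {[a['type'] for a in signal]}")
        results[host] = {"verdict": verdict, "evidence": evidence}
    return results


if __name__ == "__main__":
    for host, result in triage(SAMPLE_ALERTS).items():
        print(host, result["verdict"], "|", "; ".join(result["evidence"]))
```

The point of the `evidence` list is that a verdict is never emitted on its own: every classification carries the observations that justify it, which is what an analyst reviewing the queue, or counsel later, will ask for. Anything that is neither allowlisted nor corroborated is deliberately left as `needs_review` rather than silently closed.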
It’s important at this stage for an organisation’s threat intelligence / incident response consultancy to ensure they have secured any evidence that could be subjected to scrutiny as part of formal legal proceedings. It’s also crucial to ensure that a company’s legal counsel has been fully briefed on the developing situation, and organisations should look towards MSSPs that can assist legal advisors and counsel prior to and throughout the course of proceedings.
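Securing evidence so that it will survive scrutiny in legal proceedings starts with recording what was collected, when, by whom, and a cryptographic hash that lets anyone later prove the copy is unchanged. The block below is an added example and not the article's or any MSSP's tooling: it builds a simple collection manifest with SHA-256 digests and then re-verifies the files against it, detecting a file that was modified after collection. The case identifier, collector name and log file contents are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images and logs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(paths, collector, case_id):
    """Record each collected item with its size and hash, plus who collected it and when (UTC)."""
    return {
        "case_id": case_id,
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "items": [
            {"path": os.path.basename(p), "size": os.path.getsize(p), "sha256": sha256_file(p)}
            for p in paths
        ],
    }


def verify_manifest(manifest, directory):
    """Return the names of items that are missing or whose current hash differs from the manifest."""
    mismatched = []
    for item in manifest["items"]:
        path = os.path.join(directory, item["path"])
        if not os.path.isfile(path) or sha256_file(path) != item["sha256"]:
            mismatched.append(item["path"])
    return mismatched


def demo():
    """Collect one constructed log, verify it, alter it, verify again. Returns both verification results."""
    with tempfile.TemporaryDirectory() as workdir:
        log_path = os.path.join(workdir, "auth.log")
        with open(log_path, "w") as fh:
            fh.write("constructed sample line: failed login for acct_pay from 203.0.113.9\n")

        # Placeholder case id and collector; real values come from the case record.
        manifest = build_manifest([log_path], collector="analyst-01", case_id="CASE-PLACEHOLDER-001")
        with open(os.path.join(workdir, "manifest.json"), "w") as fh:
            json.dump(manifest, fh, indent=2)

        before = verify_manifest(manifest, workdir)   # expected: nothing mismatched
        with open(log_path, "a") as fh:
            fh.write("line appended after collection\n")
        after = verify_manifest(manifest, workdir)    # expected: auth.log flagged
        return before, after


if __name__ == "__main__":
    clean, tampered = demo()
    print("mismatches before modification:", clean)
    print("mismatches after modification:", tampered)
```

In practice the manifest itself is what gets handed over with the evidence, so it should be stored on write-once media or signed, and the hashes should be computed on the original source before any copy is analysed; the verify step is then repeatable by a third party without trusting the collecting team.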
It’s important to remember that many organisations won’t have large cybersecurity departments – if at all; if this is the case, it’s likely that legal
38 www.intelligentciso.com