Intelligent CISO Issue 53 - Page 46

industry unlocked
Ultimately , falling back on clear lines of accountability is crucial . Security teams need to constantly develop ways to measure security vulnerabilities and exposures throughout their technology stack , so they can provide actionable data to accountable teams to close gaps quickly .
Incident response standards
Cybersecurity teams should be aware of response expectations to a breach or attack . To that end , teams need to develop clear procedures for who to notify as a threat escalates and when to ensure quick action is taken in the face of a cyberattack .
Beyond quick decision-making and communication within cybersecurity teams , there also needs to be clear expectations as to what constitutes an adequate response to an incident . In some aspects , attacks become a war for data . It ’ s key that IT and security teams quickly understand how to remove an attacker without harming evidence for forensic or internal use .
Team members need to be trusted to use their experience and judgement to collate and action data in realtime . Rather than be hamstrung by processes , cybersecurity teams should have clear time windows for responding to a threat .
Immutable backups
What if an attacker wins ? What if a ransomware operator manages to encrypt your critical operational data , lock your machine access and prevent you from interacting with your teams ? It ’ s never an easy scenario for any organisation . But the worst outcomes from an attack can be mitigated if a team has a recovery plan . That ’ s why backups are critical .
Cybercriminals are wise to the value of backups for their targets , however . As a result , hackers often target backups alongside a business ’ live data and workflows to force the organisation into a corner and inflict maximum damage .
To this end , you need immutable backups – backups that can ’ t be edited or deleted by anyone in an organisation within a specified time window . This means you ’ ll have a guaranteed resource for backing up at hand , even if a cybercriminal ’ s control over a network is nigh total .
However , it ’ s worth remembering that restoring services may not be the only challenge you face . Immutable data can do nothing to prevent an attacker from sharing your sensitive information and many ransomware operators are picking up on this and turning to extortion alongside a ransom . This is why a protection strategymust always remain crucial , along with strong resilience . u
46 www . intelligentciso . com