Incident Response Cycle

Every organization operates in cyberspace and is therefore exposed to cyber threats that can disrupt essential services and, in some cases, endanger public safety. Over the past year, cyber incidents have hit companies, non-profits and other organizations of every size across many sectors of the economy. Website defacement and the deployment of destructive malware are major risks to users of cyber infrastructure; their effects cascade across connected systems and can cause severe harm.

Good cyber hygiene starts with senior leaders who understand the organization's critical cyber risks and take urgent, near-term steps to reduce both the likelihood and the impact of a damaging compromise. All organizations, regardless of sector or size, should consider the following steps to keep their infrastructure in a hygienic state.

To reduce the likelihood of a damaging cyber intrusion:

  • Validate that all remote access to the organization's network, and all privileged or administrative access, requires multi-factor authentication (MFA); two-factor authentication (2FA) is the minimum acceptable form of MFA.
  • Confirm that IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If the organization uses cloud services, ensure that IT personnel have reviewed and implemented strong controls (for example, MFA on every account, least-privilege roles and audit logging).
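As an added example that is not part of the original post, the following Python script audits the second step above: it parses the output of the Linux `ss -tulnH` command and flags every listener that is not on an approved allowlist, plus approved services that are bound to all interfaces when they should only be reachable locally. The sample `ss` output and the allowlist are constructed for the demonstration; on a real host the same function runs over the live command output.

```python
"""Audit listening sockets against an allowlist of business-essential services.

Added example (not from the original post). It parses the output of
`ss -tulnH` (Linux, iproute2) and reports listeners that are not on an
approved list, plus approved services bound to every interface
(0.0.0.0 / [::]) when they are only expected on localhost.
"""
import subprocess

# Constructed sample of `ss -tulnH` output: Netid State Recv-Q Send-Q Local Peer.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:3306      0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:9000      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
udp   UNCONN 0      0            0.0.0.0:161       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:23        0.0.0.0:*
"""

# Hypothetical allowlist: (protocol, port) -> may it be exposed on all interfaces?
ALLOWLIST = {
    ("tcp", 22): True,     # SSH for remote admin (must sit behind MFA / VPN)
    ("tcp", 443): True,    # HTTPS front end
    ("tcp", 3306): False,  # MySQL: private / local only
    ("tcp", 9000): False,  # application backend, localhost only
}

ANY_ADDR = {"0.0.0.0", "*", "[::]", "::"}


def parse_ss(output):
    """Yield (proto, local_ip, port) tuples from `ss -tulnH` lines."""
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        proto, local = parts[0], parts[4]
        ip, _, port = local.rpartition(":")   # handles [::]:22 as well as 0.0.0.0:22
        if not port.isdigit():
            continue
        yield proto, ip, int(port)


def audit_listeners(output, allowlist=ALLOWLIST):
    """Return sorted findings as (severity, proto, ip, port, reason) tuples."""
    findings = []
    for proto, ip, port in parse_ss(output):
        key = (proto, port)
        if key not in allowlist:
            findings.append(("HIGH", proto, ip, port,
                             "not on the allowlist; disable the service or justify it"))
        elif ip in ANY_ADDR and not allowlist[key]:
            findings.append(("MEDIUM", proto, ip, port,
                             "approved service exposed on all interfaces"))
    return sorted(findings)


def audit_live_host():
    """Run the same audit against the real host (Linux with iproute2 installed)."""
    out = subprocess.run(["ss", "-tulnH"], capture_output=True, text=True, check=True).stdout
    return audit_listeners(out)


if __name__ == "__main__":
    for sev, proto, ip, port, reason in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{sev:6} {proto}/{port:<5} bound to {ip:<10} {reason}")
```

On the constructed sample this reports telnet (tcp/23) and SNMP (udp/161) as unapproved listeners and MySQL as an approved service wrongly bound to all interfaces; SSH, HTTPS and the localhost-only backend pass. Run it from configuration management on every host and treat any HIGH finding as a ticket to close the port or amend the allowlist.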

Steps to quickly detect a potential intrusion

  • Ensure that cybersecurity / IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior.
  • Enable logging so that issues or events can be investigated properly.
  • Confirm that the organization’s entire network is protected by antivirus / antimalware software and that signatures in these tools are updated.
  • If working with organizations based in countries that are party to an ongoing conflict (e.g., Russia, Ukraine, Israel, Iran, China, Pakistan, North Korea), take extra care to monitor, inspect and isolate traffic from those organizations, and closely review the access controls that govern it.
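For the first two detection steps above, here is an added example (not from the original post) of detection logic run over sshd log lines: it flags a burst of failed logins from one source and, more importantly, a successful login from a source that was just brute-forcing, which is the event worth paging on. The log lines, the 60-second window and the threshold of five failures are constructed, illustrative assumptions.

```python
"""Spot brute-force bursts and brute-force-then-success in sshd auth logs.

Added example (not from the original post). Runs over constructed sshd
lines in classic syslog format; window, threshold and year are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (syslog format; the year is not in the line).
SAMPLE_LOG = """\
Mar 12 02:14:01 host1 sshd[4410]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 12 02:14:03 host1 sshd[4412]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Mar 12 02:14:05 host1 sshd[4414]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar 12 02:14:06 host1 sshd[4416]: Failed password for root from 203.0.113.7 port 51052 ssh2
Mar 12 02:14:09 host1 sshd[4418]: Failed password for root from 203.0.113.7 port 51060 ssh2
Mar 12 02:14:12 host1 sshd[4420]: Accepted password for root from 203.0.113.7 port 51071 ssh2
Mar 12 02:20:44 host1 sshd[4501]: Failed password for alice from 198.51.100.9 port 40210 ssh2
Mar 12 02:21:10 host1 sshd[4503]: Accepted publickey for alice from 198.51.100.9 port 40215 ssh2
Mar 12 03:00:00 host1 sshd[4600]: Accepted publickey for deploy from 192.0.2.40 port 33001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Return (timestamp, result, method, user, ip) or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts_text = " ".join(m["ts"].split())              # collapse "Mar  5" style padding
    ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]


def detect(log_text, window_s=60, threshold=5):
    """Return findings as (kind, ip, detail) tuples.

    BRUTE_FORCE:               >= threshold failures from one IP within window_s seconds.
    SUCCESS_AFTER_BRUTE_FORCE: an accepted login from an IP already flagged as brute-forcing.
    """
    findings = []
    recent_failures = defaultdict(deque)   # ip -> failure timestamps inside the window
    flagged = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, result, method, user, ip = parsed
        if result == "Failed":
            q = recent_failures[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:   # slide the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append(("BRUTE_FORCE", ip, f"{len(q)} failures in {window_s}s"))
        elif ip in flagged:
            findings.append(("SUCCESS_AFTER_BRUTE_FORCE", ip,
                             f"{user} accepted via {method} after brute force"))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in detect(SAMPLE_LOG):
        print(f"{kind:26} {ip:15} {detail}")
```

The single failed password from alice followed by a key-based login is left alone on purpose: one typo is normal noise, and alerting on it trains analysts to ignore the tool. Feed the function a tail of `/var/log/auth.log` (or the journal) and forward only the SUCCESS_AFTER_BRUTE_FORCE findings to the on-call rotation.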

How to respond if an intrusion occurs

  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident, and define roles and responsibilities within the organization, including technology, communications, legal and business continuity.
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

To ensure the organization is resilient to a destructive cyber incident, the following steps are advisable:

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
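To make the backup-restore test in the first resilience step above prove more than "the backup job exited 0", here is an added example (not from the original post) of an integrity-checked restore drill in Python: a SHA-256 manifest is recorded at backup time, the data is restored into a scratch location and every file is checked against the manifest, then a corrupted and a missing file are simulated to confirm the check actually catches them. The files, directories and manifest format are constructed assumptions; the copies stand in for the real backup and restore jobs.

```python
"""Integrity-checked restore drill for backups.

Added example (not from the original post). Records a SHA-256 manifest of
a data set, "restores" it and verifies every file, then tampers with the
restored copy to prove the verification catches corruption and loss.
All paths live in a temporary directory; the manifest layout is an assumption.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(restored_root, manifest):
    """Return (ok, problems); problems lists 'missing:', 'modified:' and 'extra:' entries."""
    restored_root = Path(restored_root)
    problems = []
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"modified: {rel}")
    present = {str(p.relative_to(restored_root))
               for p in restored_root.rglob("*") if p.is_file()}
    problems += [f"extra: {rel}" for rel in sorted(present - set(manifest))]
    return not problems, problems


def restore_drill():
    """Back up, restore and verify; then corrupt the restore and verify again.

    Returns (clean_ok, tampered_ok, tampered_problems).
    """
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")                       # constructed "production" data
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.sql").write_text("CREATE TABLE customers(id INT);\n")
        (src / "config.yaml").write_text("mode: production\n")

        manifest = build_manifest(src)                # recorded at backup time
        manifest_path = Path(tmp, "manifest.json")
        manifest_path.write_text(json.dumps(manifest, indent=2))

        backup = Path(tmp, "backup")
        shutil.copytree(src, backup)                  # stands in for the backup job
        restored = Path(tmp, "restored")
        shutil.copytree(backup, restored)             # stands in for the restore job
        clean_ok, _ = verify_restore(restored, json.loads(manifest_path.read_text()))

        # Simulate a tampered file and a lost file in the restored copy, then re-verify.
        (restored / "config.yaml").write_text("mode: production\nbackdoor: true\n")
        (restored / "db" / "customers.sql").unlink()
        tampered_ok, problems = verify_restore(restored, manifest)
        return clean_ok, tampered_ok, problems


if __name__ == "__main__":
    print(restore_drill())
```

Store the manifest somewhere the backup media cannot overwrite (a separate, offline or write-once location), otherwise an attacker who can destroy the backups can also rewrite the record you verify them against. Running the drill from a host that is not on the production network also exercises the "backups isolated from network connections" requirement in the same step.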

By implementing the steps above, organizations of any size can make near-term progress toward improving their cybersecurity and resilience.
