Incident response plans are designed to test a company's ability to respond to a security incident.

Edward Gately, Senior News Editor

May 25, 2018


With constant data breaches and cybercriminals upping their games, it’s now more important than ever for organizations to have an effective incident-response (IR) plan in place.

This topic was covered during a breakout session at this week’s OpenText Enfuse 2018 conference. D. Kall Loper, director at Protiviti, a consulting firm in technology, business process, analytics, risk, compliance, transactions and internal audit, led the session.

IR plans are designed to test a company’s ability to respond to a security incident with the goal of handling the situation so that it limits the damage to the business while reducing recovery time and costs.

“Incident-response plans should facilitate the process, not hinder it and not be a source of blame later,” Loper said.



One of the big problems with many IR plans is that they don’t reflect what the organization is actually doing in a response, he said. Many just say, ‘When this happens, you must do this.’ Also, an overly prescriptive plan is a “recipe for disaster,” he said.

It’s important to assemble the best people and to have clearly defined roles for everyone.

“Authority is big,” Loper said. “IR is the glue that binds together roles of individuals. Bring your competent people together. If you have incompetent people, you’re going to have to move them out of the way, which takes time.”

The key characteristics of a good IR plan are: brief, clear, resilient and living, he said. For example, you want “clear and brief instructions for what people should do,” he said.

“Everybody right now wants a plan that can be done and then, ‘We don’t have to think about it anymore,’” Loper said. “This one requires some buy-in and requires that people understand it, at least enough to work it, and that’s easy. So that’s part of the brief — we want to make it as easy as possible on the people, because if you make it hard, they won’t do it.”

Tabletop exercises, workshops and other activities can be more effective than “going home and doing the reading,” he said.

Resiliency can mean making sure the right people are in place in the core team and can fulfill all roles necessary during a response, Loper said.

“A living document allows your plan to adapt to organizational and practice change with minimal document change,” he said. “The brief features make it much less onerous to make those changes. If easier, there’s a better chance of it getting updated. And if someone leaves, someone can step in and read the checklist.”

So how can this benefit MSSPs?

“This gives them a better handle into the company if they can understand a plan like this,” Loper said. “Or even if the company’s coordinator just tells them, ‘Hey, we’ve got this checklist, we want to know what you do, we want to know what you need from us, here [are] our expectations … MSSPs have been dying to get that from their clients for years.”

Lessons learned from prior incidents provide an opportunity to revise and update the plan, he said.

“There are a lot of successful plans out there, but if you don’t like what your plan is, consider some of these options,” Loper said. “You don’t need to use this team structure if you have one that works. This is an effective IR plan and these are the components of it.”

Data Breach Costs Mounting

A new survey by Kaspersky Lab shows the average cost of a data breach globally is on the rise, with breaches now reaching an average of $1.23 million for enterprises, up 24 percent from $992,000 last year, and $120,000 on average for SMBs, up 36 percent, from $88,000.

The annual survey included more than 6,600 respondents from 29 countries. In North America, the average cost for an enterprise has reached $1.6 million, up $300,000 from last year. Also, North America is the most expensive location for an SMB to suffer a data breach compared to all seven regions in the study.

SMBs in the United States and Canada have the highest recovery cost, at $149,000 on average, up $32,000 from last year.

Safeguarding data in the cloud continues to present new challenges for businesses, with the most expensive cybersecurity incidents over the past year related to cloud environments and data protection.

The portion of IT budgets spent on security has increased in North America during the past year among enterprises, reaching 28 percent of the total IT budget, and 25 percent for SMBs. According to the report, enterprises in North America are above the global average for their budgets.

“Cybersecurity has become not just a line item in IT bills, but a boardroom issue and a business priority for companies of all sizes, as evidenced by companies raising their IT security budgets,” said Maxim Frolov, Kaspersky’s vice president of global sales. “Businesses expect a strong payoff as the stakes continue to get higher: Besides traditional cybersecurity risks, many companies now have to deal with growing regulatory pressures, for example.”

Kudelski Security Provides New Channel Opportunity with Platform

Kudelski Security this week announced the U.S. availability of Secure Blueprint, a new cyber business management platform that will allow chief information security officers (CISOs) to run their cybersecurity programs like a business unit.

Secure Blueprint was “inspired and designed” by CISOs to automate and centralize essential program management functions and address the “pain points they regularly experience” from strategy building to board reporting, according to the company. The SaaS platform offers an interface that can be accessed from any secure internet browser and provides a view of program maturity and risk, aimed at helping determine which investments to prioritize next.



Mark Carney, Kudelski’s vice president of global services, tells us Secure Blueprint will give his company and its partners a competitive edge because “there is simply nothing in the market” like it.

“Kudelski Security works closely with its channel partners and they are unanimously excited about what Secure Blueprint brings to security organizations,” he said. “Security leaders today lack the ability to measure security program initiatives and communicate to the executive team and board the risks facing the organization. Secure Blueprint enables this and heightens the CISO’s credibility and ability to justify security-program investments that might range from new technology to changes in people or process. Secure Blueprint’s benchmarking capabilities bring to light areas that need additional investments, which naturally opens doors to discuss our channel partners’ technologies and still remain independently to advise on best practices.”

Partners can pursue new clients in various industries and verticals because Secure Blueprint is a “horizontal solution providing new cybersecurity program-management capabilities to client organizations of all types, sizes and industries,” Carney said.

“Our cyber business management platform enables security teams to engage with business leaders on security risks in language they can understand,” he said.

Asigra Platform Fights Ransomware ‘Attack Loops’

Cloud backup, recovery and restore software provider Asigra has unveiled Cloud Backup v14, its new converged data protection/cybersecurity platform designed to counter growing malware threats. It prevents ransomware “attack loops,” which infect backup data and force ransom payments.

The platform uses bidirectional malware detection, zero-day exploit protection, variable repository naming and two-factor authentication (2FA) for a full defensive suite against advanced ransomware and other cyberattacks on backup data.



Eran Farajun, Asigra’s executive vice president, tells us his company is a 100 percent channel-focused organization, allowing partners to both resell the software and establish a cloud-based data protection service using Cloud Backup v14.

“With ransomware actively targeting backup data using attack loops, businesses, MSPs and VARs require defensive technology to stop these threats,” he said. “An attack loop occurs when hackers insert executable code within the organization’s backup data. When an attack occurs, both primary and secondary data are impacted, preventing the possibility of a clean recovery. To hide the code in the backup set, hackers insert the malware into data objects and other techniques which are backed up and stored in the company’s secondary storage repository. After a time-delayed detonation, the company restores a pre-attack generation of data only to realize that the recovery data reinserts the ransomware into the network, recreating the ransomware for a perpetual loop of attacks.”

The security and compliance updates in the new platform provide several advantages for highly regulated industries such as health care, financial services and government entities, Farajun said.

“For MSPs, VARs, CSPs and other IT service providers supporting the data-protection requirements of their customers, Asigra’s technology offers the only cloud-based backup solution to address this challenge and ensure a viable recovery,” he said.

Clutch Survey: Personal Devices for Work Pose Cybersecurity Challenge

A new survey by B2B research firm Clutch shows a high number of employees are using personal devices to access company email and shared documents, often without any oversight. The survey included 1,000 full-time employees.

Key findings from the survey include:

  • Employees encounter password-update reminders (67 percent) more often than any other element of their companies’ cybersecurity policies.

  • Password protection (76 percent) is also the most commonly practiced IT security behavior among employees.

  • Although most employees (64 percent) use a company-approved device for work purposes, only 40 percent are subject to regulations regarding the use of personal devices.

  • Virtually all check email and more than two-thirds access shared documents using their devices.

“Normal” or accepted employee behavior often presents the “most dangerous security threats,” said Randy Battat, CEO of PreVeil, a company that provides end-to-end encryption for email and file sharing.

“Employees believe that information that needs to be protected is special, sensitive stuff that’s explicitly marked and that most of the everyday communications they receive and send aren’t a risk for their organizations,” Battat said. “The reality is that the majority of communications and an organization’s intellectual capital can be found in the ordinary email.”

The study suggests that to ensure employees recognize and comply with security policy, companies should implement consistent cybersecurity policy training.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
