Intelligent CISO Issue 1 - Page 77

decrypting myths

Incident response: A six-step guide

Tim Bandos, Senior Director of Cybersecurity at Digital Guardian, discusses how an effective incident response should start by answering six key questions to ensure damage is kept to a minimum.

Incident response is defined as the process by which an organisation handles a data breach or cyberattack. The goal of incident response is to efficiently manage an incident so that the damage is limited and recovery time and costs are kept to a minimum.

Having an incident response plan in place is more important than ever at present as 2017 was the worst year in history for data breaches and 2018 is only likely to be worse. Furthermore, GDPR is coming closer, elevating the potential monetary costs of a data breach to bankruptcy levels.

A well thought out incident response plan should act as a guide for the incident response team in the event of a cyber incident. The plan will consider the definition of an incident, who within the company must respond to it and when they need to act.

Below, you can find the six fundamental questions that should inform your incident response plan. These questions will help the incident response team to establish key facts and begin the remediation process:

WHO?

If you can understand the mindset of the person attacking you, you stand a better chance of defending yourself next time. A good place to start your breach analysis is to consider who was behind the attack. With this knowledge, you will be able to build a better picture of the entire incident. Also, the tactics and targets of a lone cybercriminal will differ greatly to state-sponsored attackers, which will in turn differ from hacktivists.