To protect sensitive information, organizations must invest in their cybersecurity procedures.
Detection of breaches is a crucial first step in incident response. Pre-incident detection involves taking preventive measures before an attack occurs, while real-time detection can sense when an attack is underway. Unfortunately, post-incident detection is the most common, requiring the awareness of a successful attack to stop it. The response to an attack involves identifying, containing, eradicating, and recovering from the incident.
Establishing a resilient cybersecurity plan starts with comprehensive risk assessment. Factors like who may target the organization, what they may target, and how they may achieve their goals will help identify weaknesses. Regulatory and contractual requirements should also be considered.
Once risks have been identified, there are several ways to respond:
- By treating risk, you may implement a measure (or several measures) to reduce the chance or the impact of treating said risk.
- By terminating risk, you eliminate the risk at the source.
- By transferring risk, you pass the responsibility for said risk on to another party, such as outsourcing to a transferring third party or taking on insurance.
- By tolerating risk, you elect to retain the risk – perhaps because there is no viable way to effectively treat it or because the risk has been deemed acceptable.
It’s important to remember that implementing security measures doesn’t guarantee complete protection. A layered approach is recommended, with different types of security challenges to make it harder to be attacked. Organizations often focus on technology but should not neglect the human component and social processes associated with leveraging a possible attack.