5 important factors against online security attacks



By Maxim Frolov, VP Global Sales at Kaspersky Lab

As attacks become more sophisticated and frequent, 86 percent of chief information security officers (CISOs) agree that cyber-incidents within their companies are inevitable.


So, it comes as no surprise that 76 percent believe the speed and quality of incident response (IR) are the most important factors when measuring their performance. This means that heads of IT security departments are now focused not only on preventing attacks, but on identifying issues in time to minimize the damage.


While having IR as a process is a necessity, CISOs still face the dilemma of organizing it. There are five factors IT security leaders should consider when choosing how to organize IR in their organization:


1. Shortage of qualified professionals


The IR process starts even before an attack has occurred and isn’t over when it stops. In general, IR consists of four stages: a) preparation, to ensure all responsible employees know how to act when an attack occurs; b) incident detection; c) elimination of the attack and recovery of any affected systems by the IR team; and d) once an issue is resolved, a review of the IR strategy based on this experience, to reduce the chance of similar cases happening again.


These diverse activities call for different professionals. Unfortunately, these specialists are in short supply. According to Kaspersky Lab’s survey, 43 percent of CISOs find it difficult to find a malware analyst, 20 percent struggle to find specialists who can respond to attacks and 13 percent can’t find threat hunters. Another issue is employee retention. Specialists know they are in demand and can easily switch to a rival organization if offered a higher salary. Because of these factors, it’s increasingly hard for companies to employ an internal team that can conduct the entire IR process.


2. Choosing suitable outsourcers


Choosing a contractor is also not a trivial task. To be effective, an outsourced team should cover all the important competencies of IR, namely threat research, malware analysis and digital forensics. It’s important that outsourcers hold vendor-neutral certificates that prove their skill base.


Also, ask about their experience in the role. The more they have worked for multiple customers in a variety of industries, the more likely it is that they regularly come across typical incidents and can find similarities in seemingly different cases.


For companies in strictly regulated industries, there may be additional restrictions when selecting outsourced responders. They will, therefore, only be allowed to choose from incident responders that meet specific compliance requirements.


3. Cost of incident response

Establishing in-house IR is costly. The organization needs to pay salaries to full-time employees with rare and expensive skills. It also needs to purchase the solutions and services (threat intelligence) required for threat hunting, data analysis and attack remediation.


However, the average cost of experiencing a data breach globally is increasing as well – with breaches now amounting to $1.23M on average for enterprises (up 24 percent from $992K in 2017). With the cost of IT incidents on the rise, businesses are realizing that they must prioritize cybersecurity spending.


Some organizations find a flexible outsourcing model more cost-effective, as it allows them to pay only for the service received. However, for enterprises that deal with numerous incidents, having IR in-house is a must. Nonetheless, they can still find a more cost-effective model when they employ first-level responders. This internal team should be able to analyze the incident first and either handle it according to procedures or escalate to external experts.


4. Synergy with IT department


When an incident happens, the IT team may choose to shut down infected machines to reduce the impact. However, for responders, it’s important to collect the evidence first – meaning that the ‘crime scene’ should be left untouched for a while after an incident. Storing collected logs for only three months and disconnecting infected machines both make life more difficult for IR teams.


To avoid such discrepancies, the internal IR team should prepare specially tailored guidance for their IT colleagues or introduce special training for any IT specialist who needs more than simple cybersecurity hygiene knowledge but doesn’t require in-depth security skills. This initiative will ensure that both the internal and external teams are on the same page.


5. Delays in putting response into action


Organizations that outsource IR can establish the processes faster, as an external IR team is always on hand to step in and resolve an incident when needed. However, this comes with potential pitfalls. For instance, a company and the third party must sign contracts and create agreements before any work is carried out. This can lead to a delay in incident response.


In our experience, a customer team often comes back to work on a Monday to discover that the company was breached during the weekend. For several days they try to handle the issue on their own. As they realize that they cannot cope, they decide to turn to external experts. Now it’s Friday. So, the company tries to approve all the agreements in a hurry before the next weekend so that they can finally let the IR team get to work. If an organization has an internal team, it can better evaluate each case and delegate responsibility quickly.


For most large organizations, a hybrid approach to IR, combining third-party responders as the second line of response and an in-house team as the first, is the most effective option. It brings the benefits and eliminates the shortcomings of both approaches.


All told, outsourcing IR doesn’t mean that the company can simply hand over the reins to external experts and absolve itself of responsibility. Having a plan is still key. To react in time, a company must be prepared and have a first line of response.

There should be instructions for when to ask for external assistance and what it will address. Someone inside the company should also be tasked with prioritizing actions and coordinating cooperation between internal departments and the outsourced external team. Establishing such a role is a must.

