Eze Castle Integration Eze Castle Integration

Hedge IT Blog

Dealing with a Security Breach: Planning, Response & Resolution

By Jennifer Odence,
Tuesday, January 28th, 2014

Last week, we kicked off our 2014 webinar series with our first topic, “Security Incident Response Priorities: How to Prepare Your Firm Before a Breach Occurs,” featuring our own VP of Technology, Steve Schoener, along with eSentire’s Chief Technology Officer, Eldon Sprickerhoff. Topics discussed included common threat actors and potential security scenarios to be aware of as well as the importance of planning a response to such attacks.

A Quick Brief

In 2012, IBM reported that companies were attacked an average of two million times per week, and unfortunately, the statistics aren’t declining anytime soon. It’s no longer “what if” a security breach or cyber-attack occurs, but when and how it will occur. With targeted attacks that are bypassing existing security infrastructures, the topic of security has become even more important to all firms.

Security Landscape

The most common security threat actor lately has been attacks from criminal organizations, most notably international occurrences. Criminal organizations are out for profit and the most difficult to track down, especially in international instances. There has been less impact from Nation States, but these are still threats to be cautious of, along with insiders and hacktivists.Restricted Area

The intent of each group is different with the attack that occurs. And no network is completely safe. The probability that one or more attack will occur within the year is very high. Knowing there is a high chance for such an attack, the only way to be ready is to have a plan in place.

There are three phases of Incident Response. The most important is the planning phase. Chances are your company will see some sort of attack this year, but the question is “when?” Here is a quick breakdown of these key phases on Incident Response.

Phase 1: Planning

To be prepared for a security breach or cyber-attack, you must first have a plan. A response plan should be completed in advance of any type of incident. Put together a team of internal staff (e.g. IT, Human Resources, Operations, Client Service, BCP) and external members (e.g. public relations, vendors, law enforcement) that may need to be contacted if the attack cannot be contained. By formulating a plan in advance, roles and responsibilities will be clearly defined and minimize the potential for fallout. Once the plan has been completed, it should be presented in writing and easy accessible during any attack.

Phase 2: Response

Perhaps the most critical phase is the actual Response phase (but keep in mind, the tone of this phase is set by whether your firm has a plan in place). The overall goal of the response is to keep the firm’s top priorities in mind:

  • Ensure safety of staff

  • Fulfill key fiduciary responsibilities

  • Protect public/shareholders/investors

  • Resume business operations

  • Ensure financial losses will not exceed tolerances

  • Maintain forensic chain of custody

eSentire divides this phase into four components:

  • DetectInitial assessment that acknowledges threat and notifies response team

  • Prep – A chance to give instructions to the response team if there is advanced warning. Generally, there is no time to prepare for an attack.

  • Deploy – Two-part plan for senior management to decide protocol before the stage has begun. Is it more important to capture the evidence or get the system running?

    • Collect & Protect

    • Recover & Remediate

  • Resolve – Execute plan of collecting evidence or recover (restore). Root cause analysis is critical to learn from the attack and how to defend in the future. Review and update plan and procedures.

Phase 3: Resolution

The phase allows the team to understand what occurred and devise a strategy to avoid a similar occurrence in the future. It’s critical to learn what factors may have caused the breach and, as a result, mitigate the risk of future events.

Don't forget to watch the full webinar replay here!

Contact an Eze Castle representatibe
 Photo Credit: Istock

Categorized under: Security 

Recent Posts / All Posts