The Noggin Blog

Heightened Cyber Threat Underlines the Need for Effective Cyber Incident Response

Posted by The Brain on May 25, 2021 2:19:44 PM

All-of-government attacks in Australia. The SolarWinds hack. Ransomware attacks on the Colonial Pipeline and Ireland’s healthcare services. Increasing in frequency, cyber attacks are hitting our most critical assets. And the organisations tasked with keeping those assets safe are up against formidable barriers to effective cyber incident response. 

Key challenges to effective cyber incident response

Let’s start with the main issue. Ensuring that your systems and personnel can detect, understand, and respond to cyber incidents involves creating and deploying structured methodologies. That’s not easy.

Add to that, policymakers are adding public notification requirements, making cyber incident response even harder.

Compliance, however, isn’t the only challenge critical asset owners face. There are myriad challenges to cyber incident response – structural information and incident management barriers come to mind. The most salient of these include:

  • Too many incidents. The sharp rise in cyber incidents creates alert fatigue. And not all alerts are the big one. The rapid acceleration in alerts often compromises the ability of an organisation to respond effectively to a serious breach.  
  • Incident response plans (IRPs) are too generic. Guidance on how to respond to cyber incidents is prolific. Organisations are free to make use of that guidance. But simply copying and pasting those plans isn’t the best idea; one-size-fits-all IRPs aren’t tailored to the needs and specificities of individual organisations.
  • Plans are untested. Another complication: generic plans are less likely to be tested before a real-world incident. Oftentimes, customised plans haven’t been tested, either, particularly since the transition to widespread remote working.
  • Information pathways get clogged up. Effective cyber incident response often requires novel approaches, integration of disparate data sources, and a wide variety of outputs. That is not easy when your teams are unnecessarily segmented. Often, then, data pertinent to the incident isn’t made available to decision makers. When it is, the information is strewn across hundreds of emails.

What are the intelligence agencies saying about cyber incident response and threat mitigation strategies?

What’s the solution? Public agencies provide a rich fount of best-practice mitigation strategies for preparing for and responding to cyber incidents. It’s best not to reproduce the guidance wholesale; instead, tailor it to the specificities of your organisation.

So, what have these agencies been saying specifically? The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently recommended:

  • Require multi-factor authentication for remote access to OT and IT networks.
  • Enable strong spam filters to prevent phishing emails from reaching end users. Filter emails containing executable files from reaching end users.
  • Implement a user training program and simulated attacks for spearphishing to discourage users from visiting malicious websites or opening malicious attachments and reinforce the appropriate user responses to spearphishing emails.
  • Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allowlists.
  • Update software, including operating systems, applications, and firmware on IT network assets, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program.
  • Limit access to resources over networks, especially by restricting RDP. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require multi-factor authentication.
  • Set antivirus/antimalware programs to conduct regular scans of IT network assets using up-to-date signatures. Use a risk-based asset inventory strategy to determine how OT network assets are identified and evaluated for the presence of malware.
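
As an added example (not from the original post, nor from CISA, FBI or Noggin), the following Python audit checks a constructed, hypothetical set of remote-access rules against two of the recommendations above: RDP must not be reachable from any source, and remote access to IT or OT networks must require multi-factor authentication. The rule schema, rule names and addresses are assumptions made up for the example.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical, constructed representation of a remote-access rule.
# It is not a real firewall or product schema.
@dataclass
class RemoteAccessRule:
    name: str
    port: int
    sources: list        # CIDR strings; a /0 prefix means "any source"
    mfa_required: bool
    network: str         # "IT" or "OT"

RDP_PORT = 3389

def audit_rule(rule):
    """Return findings for one rule, following the CISA/FBI guidance quoted
    on this page: restrict RDP originating sources and require MFA for
    remote access to OT and IT networks."""
    findings = []
    if rule.port == RDP_PORT:
        for src in rule.sources:
            # Works for IPv4 and IPv6; prefixlen 0 covers 0.0.0.0/0 and ::/0
            if ipaddress.ip_network(src, strict=False).prefixlen == 0:
                findings.append(f"{rule.name}: RDP reachable from any source ({src})")
    if not rule.mfa_required:
        findings.append(f"{rule.name}: remote access to {rule.network} network without MFA")
    return findings

def audit(rules):
    """Audit every rule and collect all findings in order."""
    findings = []
    for rule in rules:
        findings.extend(audit_rule(rule))
    return findings

# Constructed sample: a weak rule beside its corrected form.
WEAK_RULE = RemoteAccessRule("rdp-any", RDP_PORT, ["0.0.0.0/0"], False, "IT")
HARDENED_RULE = RemoteAccessRule("rdp-jumphost", RDP_PORT, ["10.20.30.5/32"], True, "IT")

if __name__ == "__main__":
    for finding in audit([WEAK_RULE, HARDENED_RULE]):
        print(finding)
```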

The cyber threat is real, but so too are the challenges to effective cyber incident response. Overcoming the challenges will take time and effort, but technology can help. Not convinced? See how Noggin can help your organisation improve cyber incident management.