What you need when everything else fails

Earlier this year, Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital’s computer systems. Since then, two other hospitals in California, as well as in Kentucky and Maryland, have also been hit. What changed? That $17,000 ransom made headlines, letting other cyber criminals know that ransomware can be a realistic and profitable attack vector for the enterprise. Cyber incidents are on the rise and even the least suspected targets are vulnerable. That’s why, no matter how secure you may feel, you need to be prepared for action.

Preventative security controls will fail  

Prevention has long been the foundation of enterprise security. Years ago, I remember working with a client who assumed that preventive controls like anti-virus and firewalls were enough to protect the organization from outside threats. Time has revealed that prevention fails on a daily basis at many organizations. According to the 2015 Cost of Cyber Crime study by the Ponemon Institute, every company surveyed was the victim of a Trojan, virus, or worm type of attack, and 97 percent of those surveyed reported having been the victim of a malware attack. Contrast this with the 99 percent-plus deployment rate of anti-virus clients across the enterprise and it’s self-evident that preventative controls are not effective 100 percent of the time.

Detective security controls will fail  

Prevention eventually gave way to detection. We saw a surge of products that could detect incidents on the network. However, we’ve seen that detection also fails on a regular basis. Look no further than the Verizon Data Breach Investigations Report, which shows that most incidents are not detected internally for years (or ever). No matter how many technical solutions are deployed, something will get past your security controls undetected. It’s like the well-known concept in risk management: incidents, like risk, can never be completely eliminated; you can only reduce their likelihood and potential impact.

Incident response is what remains when all else fails

Once an incident bypasses your preventative and detective security controls, you are left with incident response. It’s not a question of whether your organization will be hacked; it’s a question of when and how badly you’ll be impacted. This is what led Gartner to make the following statement:

Being prepared for incident response is likely to be one of the more cost-effective security measures any organization can take because well-planned IR reduces the incident impact and costs and because security incidents are inevitable.

Over the next few weeks, we’re going to look at some foundational steps to help your organization develop an incident response plan. Join us in our next post of this series, where we will discuss the importance of how an incident is defined.

To learn more about our security practice, visit our security page. WWT can also help you gain a better understanding of where your organization stands today in responding to a data breach through our Incident Management Workshop. Learn more about this two- to four-hour strategic planning session by visiting our workshop page.