Illustration by Ilamparithi Raju

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. With the rising concern over cyberattacks in the distributed workforce, this week we explore the concept of cybersecurity incident response during a pandemic.

The new normal of a distributed workforce has brought new developments in the cyber threat landscape. Global organizations have seen a 148 percent increase in ransomware attacks, with a majority of them targeting the financial and healthcare industries. The global influence of popular interests, such as COVID-19 health information or elections in the United States, paves the way for phishing attacks via email and unsecured devices.

Preventing cyberattacks is half the battle. Preparing for the impact of a cyberattack is the other half, and it is what makes an organization cyber resilient. A comprehensive Cybersecurity Incident Response Plan (CIRP) helps an organization mitigate and control the damage from a cyberattack.

An enterprise-wide CIRP focuses on strengthening three pillars in an organization: people, process, and technology.

A security incident response team consists not just of the IT department, but also of auxiliary departments such as HR, Legal, and PR. The team should have a structured set of roles and responsibilities, and a key responsibility is conducting regular training sessions for employees to increase their awareness of the current cyber threat landscape.

Organizations generally use a combination of tools to develop a comprehensive cybersecurity strategy. With that comes the risk of disconnected systems that hinder interoperability, thereby reducing the efficiency of cybersecurity systems. Chief information security officers (CISOs) need to ensure the use of the correct mix of cybersecurity tools to improve visibility into the security systems, and to adopt best practices in threat prevention, detection, and response.

Here are five interesting articles about Cybersecurity Incident Response Plans and how organizations can strategize and work with the correct training, processes, and technologies to prepare for a cyberattack.

  1. Cybersecurity Challenges and Incident Response Preparedness During the Coronavirus Pandemic

The swift and unplanned adoption of remote tools during the pandemic has increased the number of cyber vulnerabilities in organizations. The use of unsecured Wi-Fi networks and unpatched VPNs adds to the risk. This article discusses the key points that organizations should consider before deploying a comprehensive incident response plan. A major focus is placed on ensuring communications and the redundancy of resources to achieve a highly available and flexible war room.

  2. Implementing Effective Remote Incident Response in a Pandemic

The lockdowns across the globe have restricted physical access to IT systems for Digital Forensics and Incident Response teams. The use of cloud-based Endpoint Detection and Response tools facilitates remote investigation and provides visibility into critical endpoints. Upon detection, these tools help to quarantine the threat. During COVID-19, cleaning up threats without physical access is challenging. The solution involves re-imaging the affected systems, and ultimately deploying a tool to accomplish remote repairs.

  3. What are the characteristics of an effective cyber incident response plan?

Forming an incident response plan should be followed by regular testing and the continual education of the workforce, so that the plan becomes part of the workforce's muscle memory. This article discusses seven characteristics of an effective cyber incident response plan that help to achieve order out of chaos during a cyber threat incident.

  4. AI, machine learning and automation in cybersecurity: The time is now

The increase in cyberattacks comes at a time of a major cybersecurity skills gap. AI, machine learning, and automation provide capabilities for organizations to respond quickly to cyber threats. This article discusses the dilemma faced by CISOs in prioritizing limited resources and budgets between solutions for threat prevention, detection, and response.

  5. Is Your Ransomware Incident Response Plan Future-Proof?

Organizations might be overlooking the fact that ransomware attacks are different from, and have a higher degree of impact than, other cyber threats. The often tedious manual effort required of IT teams following a cyberattack should be considered by organizations when they evaluate whether to give in to huge ransom demands. The size of the IT infrastructure adds to the complexity of the repair and mitigation process. This article outlines the importance of the processes that should be enacted in an incident response plan to restore operations quickly and inexpensively.

Organizations with an enterprise-wide CIRP are less susceptible to business disruption. Continuous improvement in cybersecurity should consist of maintaining attack-specific playbooks, reviewing incident response plans regularly, using the correct tools, and educating the workforce to manage their response efficiently. A few of the technologies that help in developing a CIRP include Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Unified Endpoint Management (UEM), and User and Entity Behavior Analytics (UEBA).