A recent article in CSO Australia titled “Incident Response in the Age of New Compliance Requirements”, by CrowdStrike APJ Services Director Mark Goudie, examines the role of incident response (IR) practices in ensuring cybersecurity and compliance readiness. The author stresses that organizations “need to approach IR with a new lens and look at the internal processes in the age of global compliance requirements.”
Goudie begins by emphasizing the importance of a speedy response, one of the major themes addressed in this year’s CrowdStrike Global Threat Report. He writes, “The speed at which you identify a breach, prevent access to data and remediate the threat will make a significant difference in controlling the business risk and costs during a data breach incident.”
A Strong Incident Response Plan Is Key
The author recommends that organizations consider an approach to IR with a more “holistic view of cyber crisis management that captures the confluence of operational, strategic, legal and public disclosure elements.” He also argues that organizations “need a strong IR plan that clearly communicates the plan of action to create new levels of transparency with your customers that will not only meet any state or global regulations, but also drive loyalty and trust with customers.”
Best Practices for Better Cybersecurity Readiness
The article includes best practices for organizations, so they can improve their responses to incidents and keep pace with a complex and evolving threat landscape. Goudie writes:
- “When it comes to modern IR in the current cybersecurity environment, organizations need to be proactive and understand that compliance does not equal security.”
- “Organizations need to be strategic and build an incident response approach that leverages the whole of the company, from the board level right through legal, financial and IT.”
- “The more strategically a company invests time and resources in IR and makes a habit of testing security incidents before they happen, the greater the chance that dealing with cyber threats becomes a well thought out exercise, rather than a reactive response.”
The article concludes with some recommendations: “Responders need deep visibility into the current state of any systems in the enterprise in real time, and powerful capabilities to remediate a confirmed threat instantly.” Goudie also reiterates the importance of speed: “Organizations need to pursue the 1-10-60 rule … which stresses being able to detect in one minute, investigate in 10 minutes and remediate within 60 minutes.”
In closing, he emphasizes the need for organizations to be prepared via a proactive IR approach: “Preparing and investing in IR and reframing cybercrime as an issue that affects every aspect of an organization is the first step toward cultivating business resilience.”
- Read the entire article in CSO Australia online.
- For more information on CrowdStrike’s incident response, compromise assessment or threat hunting offerings, visit the CrowdStrike® Cybersecurity Services page or email: firstname.lastname@example.org.
- Learn more about CrowdStrike’s next-gen endpoint protection by visiting the Falcon platform product page.
- Download the 2019 Global Threat Report: “Adversary Tradecraft and the Importance of Speed.”
- Download the CrowdStrike Services Cyber Intrusion Casebook and read up on real-world incident response (IR) investigations, with details on attacks and recommendations that can help your organization be better prepared.
- Test CrowdStrike next-gen AV for yourself. Start your free trial of Falcon Prevent™ today.