CSO Australia: The Importance of Incident Response in Ensuring Compliance and Security

A recent article in CSO Australia titled “Incident Response in the Age of New Compliance Requirements”, by CrowdStrike APJ Services Director Mark Goudie, examines the role of incident response (IR) practices in ensuring cybersecurity and compliance readiness. The author stresses that organizations “need to approach IR with a new lens and look at the internal processes in the age of global compliance requirements.”

Goudie begins by emphasizing the importance of a speedy response, one of the major themes addressed in this year’s CrowdStrike Global Threat Report. He writes, “The speed at which you identify a breach, prevent access to data and remediate the threat will make a significant difference in controlling the business risk and costs during a data breach incident.”

A Strong Incident Response Plan Is Key

The author recommends that organizations consider an approach to IR with a more “holistic view of cyber crisis management that captures the confluence of operational, strategic, legal and public disclosure elements.” He also argues that organizations “need a strong IR plan that clearly communicates the plan of action to create new levels of transparency with your customers that will not only meet any state or global regulations, but also drive loyalty and trust with customers.”

Best Practices for Better Cybersecurity Readiness

The article includes best practices for organizations, so they can improve their responses to incidents and keep pace with a complex and evolving threat landscape. Goudie writes:

  • “When it comes to modern IR in the current cybersecurity environment, organizations need to be proactive and understand that compliance does not equal security.”
  • “Organizations need to be strategic and build an incident response approach that leverages the whole of the company, from the board level right through legal, financial and IT.”
  • “The more strategically a company invests time and resources in IR and makes a habit of testing security incidents before they happen, the greater the chance that dealing with cyber threats becomes a well thought out exercise, rather than a reactive response.”

Recommendations

The article concludes with some recommendations: “Responders need deep visibility into the current state of any systems in the enterprise in real time, and powerful capabilities to remediate a confirmed threat instantly.” Goudie also reiterates the importance of speed: “Organizations need to pursue the 1-10-60 rule … which stresses being able to detect in one minute, investigate in 10 minutes and remediate within 60 minutes.”

In closing, he emphasizes the need for organizations to be prepared via a proactive IR approach. “Preparing and investing in IR and reframing cybercrime as an issue that affects every aspect of an organization is the first step toward cultivating business resilience.”
