Incident Response Plan (IRP)
If companies the size of Target, Sony, and Equifax cannot safeguard their data, how can your clients expect you to? The cyber security landscape has changed rapidly in the past few years, and being breached has become almost routine. The backlash from clients who discover that your company has no incident response or cyber disaster recovery plan, however, should alarm every organization that lacks one.
Cybersecurity incidents vary greatly in their potential for damage, and each calls for a response matched to the risk it represents. The best way to tailor your response is to know what type of breach has occurred: the type tells you what the attackers are after and points you to the most appropriate response.
Types of Breaches
Almost all breaches can be classified into three types: theft, ransom, and access.
Theft breaches steal information or deceive employees into handing over money or data; a fraudulent wire transfer originating from a spear-phishing email is a typical example. These breaches are often discovered only after the damage has been done.
Ransomware attacks, however, are a different animal from theft breaches. The attacker casts a wide net, for example with a spam email blast, hoping that an unsuspecting employee will take the bait and open a malicious link or attachment. Legal and financial firms are frequent ransomware targets because they hold both money and sensitive personal information. Since the payload encrypts the victim's own data, the response hinges on whether backups exist that the attacker could not reach.
The goal of an access breach is simple: to use your company's network as a staging point for a larger attack on another organization. An attacker who compromises hundreds, thousands, or even millions of machines across many company networks can direct them together at the intended target to overwhelm its defenses. Because your systems are the weapon rather than the prize, such a breach is easy to miss until the eventual victim traces the attack traffic back to your network.
Attack Type / Method         | Assets at Risk                  | Primary Targets
-----------------------------|---------------------------------|-------------------------------
Crimeware + Ransomware       | All data                        | All employees
Cyber Espionage              | Equipment and data              | All employees
DDoS                         | Website, web services           | All employees
Insider + Privilege Misuse   | Financial, M&A, HR data, IP     | Exploiting rights & privileges
Physical Theft or Loss       | Hardware assets, databases      | Server C://; firm laptops
Web Application Attack       | Cloud CRM & QuickBooks Online   | Partners, Admins, & Controller