Becoming a victim of a cyber attack is an imminent reality for all companies
With punitive measures introduced by the GDPR (General Data Protection Regulation) and the NIS Regulations (The Network and Information Systems Regulations), how an organisation responds to a cyber incident can often spell the difference between failure and success.
The speed at which you identify and mitigate such incidents makes a significant difference in controlling your risks, cost and exposure. Effective Cyber risk assessment can reduce the risk of future incidents occurring, help you detect incidents at an earlier stage and develop a robust defence against attacks to potentially save your organisation millions.
Free PDF download: Cyber Incident Response Management – An introduction
Download this free paper and:
- Discover the substantial benefits of a CIR system;
- Explore our recommended approach to CIR;
- Understand the importance of scenario development for CIR success; and
- Get to grips with best-practice guidance for establishing a CIR programme.
Download now
Why do organisations need incident response planning?
Cyber attacks and data breaches are inevitable, so the speed you react to a breach is critical. Cyber criminals only need to find one weakness to infiltrate your systems, so it is essential to be prepared when a breach occurs.
The current incident response climate in organisations demonstrates why CIR is not something you can afford to ignore:
175 days
The average number of time that a threat has undetected access in a network. (FireEye M-Trends)
70%
of organisations don't have a cyber incident response plan and are unprepared to respond to a cyber attack. (PwC Global Economic Crime and Fraud Survey)
72hrs
for organisations to report data breaches/incidents under the GDPR and the NIS Regulations. The breach must be reported within 72 hours or face heavy fines.
2.94m
the average cost for an organisation that has suffered a data breach. (Ponemon Institute’s Cost of a Data Breach Study: Global Overview)
Incident reporting requirements under the GDPR and NIS Directive
Under Article 32 of the GDPR, organisations are obligated to restore the availability of and access to personal data in the event of a physical or technical breach.
Organisations in critical infrastructure also face these obligations under the NIS Directive (EU Directive on security of network and information systems), whereby OES (operators of essential services) and DSPs (digital service providers) are required to adopt incident response measures to ensure recovery following a disruptive incident.
Phase
1. Reconnaissance
- Identify target
- Look for vulnerabilities
Countermeasures
- Monitoring and logging
- Situational awareness
- Collaboration
Phase
2. Attack target
- Exploit vulnerabilities
- Defeat remaining controls
Countermeasures
- Architectural system design
- Standard controls (e.g. ISO 27001)
- Penetration testing
Phase
3. Achieve objectives
- Disruption of systems
- Extraction of data
- Manipulation of information
Countermeasures
- Cyber security incident response planning
- Business continuity and disaster recovery plans
- Cyber security insurance
Frameworks that outline and require incident response measures
Incident response planning is mandated as part of all major cyber security regimes, either directly or indirectly. The following standards require incident response measures:
- ISO 27001, the international standard for an ISMS (information security management system)
- ISO 22301, the international standard for a BCMS (business continuity management system)
- PCI DSS (Payment Card Industry Data Security Standard)
UK government departments also have a responsibility to report cyber incidents under the terms laid out in the security policy framework issued by the Cabinet Office, effectively mandating a CIR for such organisations as well.
Be prepared for any cyber security incident
Cyber Incident Response (CIR) Service
Our Cyber Incident Response Service will enable you to respond to an incident and restore services in a trusted and timely manner while safeguarding evidence as appropriate.
Using best-practice frameworks detailed in ISO 27035 and as prescribed by CREST, this service will help you limit the impact and consequences of any cyber security incident.
Find out more
Cyber Incident Response Training
Find out how to effectively manage and respond to a disruptive incident, such as a data breach or cyber attack, and take appropriate steps to limit the damage to your business, reputation and brand.
This course will provide an introduction to developing a cyber incident response programme to protect your business.
Book now
Why choose IT Governance?
- We draw from proven incident response standards such as ISO 27035 to help you define, implement and effectively apply an incident response management programme in your organisation.
- We will put in place a process that allows you to determine, and report on, the specifics of a cyber incident.
- Our management service is tailored to your needs, business requirements and budget, making it a cost- effective solution.
- We have over 15 years of experience helping organisations achieve local and international compliance with management system standards such as ISO 27001.
- We have multi-disciplinary teams with project managers to roll out compliance implementation projects and executive expertise to brief your board and develop suitable strategies.
Speak to an expert
Please contact our team for more information on how IT Governance can help with your cyber incident response management.