
Sponsored Article

The importance of industrial incident response

19 July 2022

With data highlighting that an estimated 30,000 cyber attacks happen every day, and that companies fall victim to them every 39 seconds, it is fair to say that cybercrime is a major threat to every organisation on the planet.


Devastating cyber attacks are reported in the media daily and government advisories about increased threat activity are issued regularly, yet every year the frequency and severity of attacks grow. Given all these warnings, the importance of preparing for attacks has never been greater, and the only real mistake any business can make today is a failure to prepare.

A cybersecurity incident is a crisis for any organisation. However, because attacks targeting industrial organisations have the potential to disrupt operations and pose safety risks to society, incident response is an absolute priority for these businesses.

Industrial incident response

Incident response planning allows industrial organisations to strengthen their networks against potential attacks and rehearse their response ahead of real incidents taking place. Incident response is rarely an inexpensive endeavour in terms of money, people, operational disruption or time, but when it is done properly it can save an organisation, and when it is not it can bring an organisation to its knees.

However, despite the importance of incident response, according to the Dragos 2021 Year in Review, many industrial organisations are still not getting the basics right.

So, what are these basic issues that increase downtime and the expense of managing a cybersecurity incident?

When it comes to building out an incident response plan, industrial organisations must ensure it covers people, process and technology. They must work out the threats that have the potential to cause the greatest damage and then run security drills to rehearse their response to them. The key focus is getting losses down to the absolute minimum that is acceptable. It is also essential that teams run these drills regularly to ensure no security gaps are created as industrial digital transformations unfold. It is also vital that everyone knows their role when an attack occurs, so they can get straight into action.

Another key element of incident response planning comes down to assessing how an organisation will respond to an active cyber incident. According to the Dragos study, one of the biggest challenges industrial organisations faced last year was that they did not have sufficient monitoring to understand the root cause of incidents.

Identifying the root cause of an incident quickly is critical as it allows security teams to know if there is an adversary on their network, or if an outage or problem has been caused by something non-malicious. In incident response planning, industrial organisations should work on improving network visibility across all connected assets, as this will allow them to identify the root cause of incidents as soon as they occur.

Another critical element of industrial incident response is working with a security provider that has experience in the space to help with forensics. In the follow-up to any cyber incident, it is critical to carry out investigations to gain a clear understanding of what happened. These security providers should be the first people contacted when an incident is uncovered, not only to respond to the attack, but also to investigate it in the aftermath.

However, when it comes to selecting a security provider, always work with a business that has a proven track record in the area. If a provider doesn’t have experience, it will only result in mistakes being made, adversaries staying on networks for longer, and greater costs and losses. When doing incident response planning, recruit a security partner that has proven experience in industrial attack response and forensics and that can be contacted easily when an attack occurs.

Industrial incident response best practices

Cyber incident response planning is critical for all industrial organisations today as it enables them to respond to threats quickly, minimising damage, disruptions and losses. When it comes to building out these plans there are many critical elements to ensure their success.

Best practices include:

·  Plan for attacks and regularly rehearse your response to minimise losses.
·  Ensure everyone has clearly defined roles and responsibilities so team members can step into action as soon as an incident occurs.
·  Implement a security tool that enables you to determine the root cause of the intrusions quickly.
·  Develop a recommended course of action for the OT operations team to contain, mitigate, and eradicate attacks.
·  Work with a reliable and trusted security partner to respond to and investigate attacks.
·  Document incidents so you can learn about what went right and, most importantly, what went wrong. If organisations do not properly document incidents and findings, they cannot learn from these events and will continue to make the same mistakes over and over again.
 

