The FACTs about Incident Response considerations

The third in a four-part series about Work From Home cybersecurity topics, looked at incident response considerations and introduced the acronym: FACT.

Cybots Alliance, Executive VP Rodney Lee emphasised, “Incident response is probably another standard operating procedure for you, but when you need to use them, you need incident response to be Faster, Accurate, Conclusive and Timely.”

A quick poll of its participants revealed over 70-percent agreeing that there has been a lot of change in workstyles since businesses have been in lockdown from the coronavirus outbreak.

Besides now working on home networks, there has been more use of collaboration tools and perhaps even a shift towards more mobile device usage because of the decline in face-to-face interactions.

All these new ways of accessing work networks, and work applications and work files, have increased the attack surface and opportunities for hackers to infiltrate and compromise.

But what if an organisation and its information security guardians are able to defend even before attackers come into the network? What If information security guardians can know what’s happening outside the perimeter and kick off incident response, proactively?

This ties in to the last letter of the FACT acronym, Timely, whereby if organisations can detect seen exploits first, they will be able to begin response towards it.

However, threat intel sources need to timely as well, to enable insights to be Conclusive – for example, was the recent compromise detected at Honda and ENEL, a targeted attack, or only just a random scan by the bad guys.

Rodney asked the hypothetical questions: Do you have reliable threat intel sources that can give you timely response? Do you have a threat hunting team?

Find more info at this link.