Subscribe

Avoid incident response bloopers

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 11 Aug 2020
Veronica Schmitt, director: Incident Response at DFIR Labs, and assistant professor at Noroff.
Veronica Schmitt, director: Incident Response at DFIR Labs, and assistant professor at Noroff.

The majority of organisations do not have a thought-out incident response (IR) policy, which means when a breach occurs, they are left on the back foot, having to work out the steps they need to take in the middle of the incident.

In addition, in the event of a breach, many businesses tend to have a knee-jerk reaction, and pull down their network, or overreact. This is often done because they have a fight or flight response.

So says Veronica Schmitt, director: Incident Response currently and Assistant Professor at Noroff, who will be presenting on ‘Incident response bloopers: When IR goes wrong’, at the ITWeb Security Summit 2020, to be held from 25 to 28 August, as a virtual event.

Schmitt says to be in a position to effectively develop an IR plan, businesses can either choose to do it themselves or they can opt to have an external organisation assist with this.

There is a saying, 'Jack of all trades, master of none', which I think rings true when dealing with IR.

Veronica Schmitt

There are some elements that will help with setting the foundation of an IR plan, she adds, such as mapping the level of maturity in terms of security and IR, and understanding the threats, both external and internal. She advises businesses to map out specific steps that need to be taken to resolve an incident throughout its lifecycle and assigning roles and responsibilities for when an incident happens: “Identify the key technologies and channels of communications to be leveraged during a response, and build processes around permissions and escalations.”

Speaking of the pitfalls that need to be avoided, she says organisations try to do everything themselves. “There is a saying, 'Jack of all trades, master of none', which I think rings true when dealing with IR.”

If an organisation is a small or medium entity and does not have a qualified and robust IR team, it should consider onboarding a third party that is dedicated to the trade, Schmitt says. “Dealing with IR is often complex in nature and follows forensic science processes, especially when it comes to privacy breaches and in legal disputes or criminal investigations. Do not try to do it all yourself.”

Delegates attending Schmitt’s talk will learn that dealing with pitfalls and processes during an active breach is not the way to deal with IR within an organisation. “We should already be dealing with this before an incident,” she concludes.

ITWeb Security Summit 2020

Register now for the ITWeb Security Summit 2020 virtual event, and experience four days of international keynotes, sessions and workshops all for one price. The event will feature over 50 speakers, with all content being made available on demand online. To register, and for more information, please click here.

Share