Incident Response Monitoring
To respond and be able to manage a cyber attack, companies carry out Incident Response Monitoring (IRM) to avoid data leakage and its subsequent consequences that may affect customers, the company's intellectual property, time and resources, and ultimately the brand’s value
This methodology seeks to reduce damage and restore the normal functioning of the systems as quickly as possible. In this sense, research is key because it allows you to learn from an attack and to be better prepared to respond in the future.
The best way to protect your organisation’s assets is to have a well-developed and repeatable incident response plan. Cyber attacks are increasing in frequency and scale making incident response plans vital for the health of the organisation.
Incident Response Monitoring is carried out by a team that leads incident response efforts. The incident response team is made up of experts in cybersecurity, IT, auditors as well as other types of staff within the company such as HR or the communications department.
A well-implemented IRM plan should have five stages:
01
Preparation
Consists of developing policies and procedures that must be followed in the event of an attack. It is important that staff are trained to respond in a timely manner when it occurs.
02
Identification
This is about detecting the breach and enabling a fast and focused response. Different systems and firewalls can be used in this stage.
03
Containment
This is the key to stopping the advance of damage and preventing future penetration. These actions can be achieved by counting on specific offline sub-networks and backup systems to maintain operations.
04
Eradication
This stage includes neutralising threats and restoring internal systems to their previous state prior to the attack. Here, secondary monitoring can be used to ensure that affected systems are no longer vulnerable to future attacks.
05
Recovery
It is necessary to validate that the systems which have been affected are no longer compromised and that they can function normally again. This involves setting schedules to re-establish operations and constant monitoring.
06
Lessons learned
In this instance, the incident response team meets to determine future improvements. This may include an evaluation of current policies and procedures. At the end, a report is generated with all of the analysis conducted, which will be used in new training sessions.