Fri, 9 Dec 2016

6 Critical Mistakes You Must Avoid During A Security Incident

Security Alert

If your organisation has an Internet connection, the odds are not in your favour. In this day and age, it is no longer a matter of if you are attacked, but when. Cyber attacks have become so common that more than half of businesses expect to be hacked at least once in the next 12 months.

Not only is the incidence rate high and set to increase, the price of such attacks is hefty as well. Each personal data record lost or stolen costs the organisation US$154 on average.

However, a hack need not necessarily result in a breach. If security incidents are detected quickly and mitigated effectively, the attack can be stopped. But you need to avoid these six critical mistakes during a security incident.


The adage of 'failing to plan is planning to fail' cannot be overemphasised in cyber security. Not having a plan is fatal. It causes unnecessary panic and chaos that do not lend themselves to the speed and precision needed to identify, contain and remediate the incident.

If you do not have an Incident Response Plan (IRP), this is your utmost priority. There are a few key processes in the IRP. You will need to:
• Have clear processes to analyse and identify whether the flagged security incident is a genuine threat
• Isolate the affected systems and contain the breach
• Activate the multi-functional incident response team to provide support such as handling stakeholder communications, filing a police report and implementing a physical lockdown if required
• Apply digital forensic imaging and malware reverse engineering to trace and eliminate the root cause of the security breach

And if you do have an IRP, stress test it relentlessly. Conduct tabletop exercises and blue team-red team exercises to identify gaps in your plan, systems and staff. Incorporate the lessons learnt into your IRP. Rinse and repeat.
Not having a plan is fatal


Plugging the gaps in your defence is just one half of successful cyber security. The other half is to know what will attack you, and how they would do it.

First, you need to understand the threat landscape: what types of actors are most likely to target you, what assets they are likely to go after, and how they would do that.

Next, you need to be able to 'see' the threats. Having certified security analysts working with advanced detection technology will give you visibility of the cyber activities on your networks. It is vital to monitor, compile and sift through your network data, eliminate false positives, and flag up potentially disruptive threats.
What types of actors are most likely to target you, what assets are they likely to go after, and how they would do that


Security analysts differentiate between false positives and real threats based on threat intelligence. This intelligence can include information on the latest malware and their signatures, and the attack patterns of hackers from around the world.

Engaging an established managed security services provider (MSSP) can provide such threat intelligence. MSSPs correlate cyber activities across their clients' networks as well as industry partnerships to spot and identify threats effectively.

Threat intelligence can make the difference between being blinded to attacks and identifying malicious activities in time.
Engaging an established managed security services provider (MSSP) can provide such threat intelligence
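The two preceding points, sifting network data to eliminate false positives and matching events against threat intelligence such as malware signatures, come down to a simple loop that an analyst platform automates. The following Python script is an added illustration, not code from Quann or any MSSP: it parses constructed key=value log lines, matches them against a constructed indicator set (placeholder domains and a placeholder hash, not real IoCs), suppresses hits an analyst has already reviewed as benign, and returns the remaining alerts. The log format, indicator types and allowlist are assumptions for the example.

```python
"""Minimal threat-intelligence triage: match log events against indicators,
suppress known-benign matches (false positives), and flag the rest for an analyst.
Added example; the indicators, hosts and log lines below are constructed samples."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed indicator feed, standing in for what an MSSP or TI feed would supply.
# Values are placeholders, not real malicious domains or malware hashes.
INDICATORS: Dict[str, set] = {
    "domain": {"update-check.example-bad.test", "cdn.example-bad.test"},
    "sha256": {"a" * 64},  # placeholder hash of a "known-bad" file
}

# Exceptions an analyst has already reviewed and found benign (false-positive suppression).
ALLOWLIST: Dict[str, set] = {
    "domain": {"cdn.example-bad.test"},  # constructed: reviewed, turned out to be a benign CDN alias
    "sha256": set(),
}

# Constructed sample log lines: proxy and endpoint events in a simple key=value format.
SAMPLE_LOGS = [
    "ts=2016-12-09T08:01:02Z src=10.0.0.5 domain=intranet.corp.test action=allow",
    "ts=2016-12-09T08:01:07Z src=10.0.0.7 domain=update-check.example-bad.test action=allow",
    "ts=2016-12-09T08:02:11Z src=10.0.0.7 sha256=" + "a" * 64 + " action=exec",
    "ts=2016-12-09T08:03:40Z src=10.0.0.9 domain=cdn.example-bad.test action=allow",
    "this line is malformed and should be skipped",
]


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    kind: str    # indicator type that matched, e.g. "domain" or "sha256"
    value: str   # the indicator value that matched


KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line: str) -> Optional[dict]:
    """Parse key=value pairs; return None if the required fields are missing."""
    fields = dict(KV_RE.findall(line))
    if "ts" not in fields or "src" not in fields:
        return None
    return fields


def match_indicators(event: dict, indicators=INDICATORS, allowlist=ALLOWLIST) -> List[Alert]:
    """Return one Alert per indicator hit that the allowlist does not suppress."""
    hits: List[Alert] = []
    for kind, values in indicators.items():
        observed = event.get(kind)
        if observed is None:
            continue
        observed = observed.lower()  # normalise so case differences do not hide a match
        if observed in values and observed not in allowlist.get(kind, set()):
            hits.append(Alert(event["ts"], event["src"], kind, observed))
    return hits


def triage(lines, indicators=INDICATORS, allowlist=ALLOWLIST) -> List[Alert]:
    """Run every log line through parsing and indicator matching; skip unparsable lines."""
    alerts: List[Alert] = []
    for line in lines:
        event = parse_log_line(line)
        if event is None:
            continue
        alerts.extend(match_indicators(event, indicators, allowlist))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOGS):
        print(f"{alert.ts} host {alert.src} matched {alert.kind} indicator {alert.value}")
```

Run on the constructed sample, two events are flagged (the placeholder domain and the placeholder hash, both from host 10.0.0.7) and the reviewed CDN alias is suppressed, which is the distinction between noise and a real threat that the text describes. In practice the indicator and allowlist sets would be loaded from a feed and a case-management system rather than embedded in the script.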


In the heat of containing and remediating a security breach, administrative work is probably the last thing on your mind. But it can prove to be the most crucial.

Documenting what happened and what incident responders did, covering the basic questions of who, what, where, when, why and how, including a detailed incident timeline, is vital. It will help you to review the Incident Response Plan to ensure that a similar breach does not happen again.
Documentation can prove to be the most crucial


Do not, under any circumstances, stop at the containment and remediation of the breach. It is essential to trace the root of the security breach and rectify the vulnerability.

The incident response team has to re-examine significant events, capture lessons learnt, and most importantly, refine the incident response plan. Take the opportunity to upgrade your security applications, streamline the processes and upskill your security staff, where need be. This can only help you to respond more effectively in the future.
If you are breached the second time by the same attack, it is on you.


Cyber security is not just a technical problem for the Information Technology (IT) department.

A cyber incident may result in a breach if you do not have a plan to respond to and manage the incident. Your business can then suffer severe repercussions, including market loss, brand dilution and loss of major clients.
When the business is at stake, it is all hands on deck.

Quann's cyber security consultants can help you set up or review your Incident Response Plan.

© 2017 Quann