Recently, there’s been an increase in the number of cyber-attacks, but we’ve also seen changes in how these attacks are carried out. Ransomware with exfiltration has become very prevalent, as has phishing, which is often how ransomware and malware gain a foothold. Additionally, attackers have becoming more sophisticated and are increasingly targeting partners and the supply chain as entry points, as highlighted by the FireEye and SolarWinds’ SUNBURST incidents.
When a cyber incident occurs, it can quickly escalate into a business crisis, leading to operational disruption, financial losses, legal implications, and reputational damage. The goal of incident response is to handle the situation in a way that limits damage, reduces recovery time and costs, and other damages. Cybersecurity incident response is critical to today’s businesses because, simply put, there is so much to lose.
Incident response describes the process by which an organization handles a data breach or cyberattack (the “incident”), including the way the organization attempts to manage the consequences of the attack or breach. Because many companies experience a breach at some point in time, a well-developed and repeatable cybersecurity incident response plan is the best way to protect your company.
There are six key phases of a cybersecurity incident response plan and having full-fidelity packet capture and flow data is essential to many of them:
There are a variety of incident response tools that can be used for incident response investigation, risk assessment, and remediation. Packet and flow data are the most common:
Selected Country/Language: English