Incident Response and the Essential Role of an Information Security Advisor
Did you know that over 75% of cyberattacks start with a simple email (Norton)? With thousands of emails going in and out of your organization daily, how prepared are you for a cyber incident?
Do you have an Incident Response Plan?
In the event one of these malicious emails ends up in an executive’s inbox, the damage could be catastrophic. Many information security frameworks, like the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF), suggest that organizations create an incident response policy, plan, and procedure to protect themselves in the event of a cyber incident, such as a business email compromise. An incident response plan acts as a shining light in an organization’s time of need. But how do you ensure this document is understood and followed?
We had a plan, but no one followed it.
An information security advisor can help guide your organization through effective incident response, minimizing damage and legal liability. Providing a wealth of resources and knowledge on incident response is one side of the coin; the other is helping your organization stay true to those policies and procedures. Whether that means safeguarding executive email to deter spear phishing attacks or providing specific insight into the current threat landscape, an information security advisor can help keep your organization informed, proactive, and productive.
We’re okay… We have a great IT department.
When it comes to incident response, there is often a sense of fear and urgency as an incident can cause increased stress among organizations and individuals. According to The National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide, the first step in handling an incident should be preparation and prevention. Within this step, organizations are called upon to understand roles and responsibilities, provide documentation, and understand security safeguards and controls. While the IT department may help fill in some blanks, there is added value in having an information security advisor to educate, discuss, and guide both the IT department and the board of directors.
Being able to speak to all sides of the table regarding information security is a must in today’s ever-changing cyber environment. The role of an information security advisor differs from that of a CISO (or virtual CISO). Having an internal resource that understands your organization’s technical environment is crucial when discussing topics like incident response. Just as the Board of Directors provides a counterbalance to an organization’s executive team, the information security advisor counterbalances the CISO. An information security advisor can provide perspective by pairing detailed organizational information with an understanding of the current threat landscape, helping keep you and your organization safe.
Hospital Suffers Two Breaches in Two Years
Consider the scenario of a healthcare organization facing two successive security breaches in two years. The organization diligently follows its incident response plan; however, complications arise when the insurance-provided forensic firm takes the organization for a costly and frustrating ride. The investigative processes necessitate the installation of complex endpoint security tools, posing a challenge for the IT staff. After weeks of unsuccessful attempts, the forensics firm cannot determine the intrusion point. The CIO is then faced with the decision of whether to deinstall several thousand applications or keep the tool as part of a hastily enacted Security Operations Center (SOC)-as-a-service initiative, with the forensic firm offering the service for an additional fee. The board struggles to understand how the incident response plan can go so far awry and loses confidence in security leadership.
Benefits of an Information Security Advisor
Introducing an independent information security advisor in challenging situations like the scenario just described could significantly and favorably impact the incident-handling process. An independent advisor, with expertise in cybersecurity and incident response, can bring several key benefits:
- Objective Assessment: An advisor can provide an unbiased and objective assessment of the incident response processes and the actions taken by the forensic firm. This impartial evaluation helps the board gain a clearer understanding of whether the chosen strategies align with best practices and industry standards.
- Cost-Benefit Analysis: An advisor can conduct a thorough cost-benefit analysis of the forensic firm’s recommendations and the proposed SOC-as-a-service initiative. This analysis aids the board in making informed decisions about the additional costs incurred and whether they align with the organization’s overall budget and risk tolerance.
- Technical Expertise: Information security advisors typically bring a wealth of technical expertise and industry knowledge. Their insights can bridge the gap between technical complexities and the board’s understanding, facilitating clearer communication and decision-making.
- Alternative Solutions: An experienced advisor can suggest alternative solutions or approaches that might be more cost-effective and efficient. This can empower the board to consider different options and choose the one that best aligns with the organization’s goals and resources.
- Risk Mitigation Strategies: The advisor can assist in identifying and prioritizing potential risks associated with the incident and propose solutions. This information enables the board to develop effective risk mitigation strategies and allocate resources where they are most needed.
- Communication Facilitation: The advisor can act as a liaison between technical teams and the board, ensuring that complex technical details are translated into comprehensible insights. This facilitates more effective communication, allowing the board to make decisions based on a clearer understanding of the situation.
- Enhanced Board Confidence: The involvement of an independent advisor signals a commitment to transparency, due diligence, and a proactive approach to incident response. This, in turn, can enhance the board’s confidence in the organization’s ability to navigate and recover from security incidents.
Bottom Line
An information security advisor can bring valuable expertise, objectivity, and strategic insight to the incident-handling process, positively impacting the board of directors by enabling more informed decision-making and enhancing the organization’s overall cybersecurity posture. With over 75% of cyberattacks starting with a single email, staying prepared, proactive, and protected is essential. An information security advisor can help you and your organization stay on top of these threats, and many others, with an educational and effective value-based approach.
Contributors:
Marc Johnson
Stephen Collins