
    State of the CIO – The good, the bad…

    Business and tech don’t see eye to eye, CIOs are fighting a turf war with other C-level executives and there is also an ongoing battle for tech talent. Happily, information security is a bigger priority for CEOs in 2015. So say the results of the CIO.com survey involving hundreds of CIOs from various industries. Here are some of the main points:

    • On the positive side, 68% of CIOs said they have mutually shared measurable goals with other C-level executives
    • More than 75% of CIOs say they expect to collaborate on a business initiative with CFOs, COOs or CMOs
    • However, 33% of CIOs believe other departments see the IT department as an obstacle to their goals
    • 37% of business decision-makers say the CIO is being sidelined in their company
    • 56% of CIOs expect to experience IT skills shortages in the next 12 months
    • In 2014, security was No. 8 on the CEO’s top priorities list. However, in 2015 it jumps to the 4th spot
    • However, CIOs in the retail industry are less likely to give security top priority than CIOs in some other industries
    • 23% of CIOs say that increasing cyber security will be the most significant reason for IT investments this year
    • 18% of CIOs in the retail, wholesale and distribution industries see security the same way

    You can download the full report from CIO.com here.

    Insights

    Ward Solutions predicts growth in BYOX and managed security…

    It’s 2015 and we’ve got our crystal balls out to make predictions for information security in the next 12 months.

    • More spend on BYOX
      We predict there will be an increase in spending on BYOX or mobile security in 2015 due to the volume and variety of mobile devices used by staff. The use of mobile devices continues to grow and there is added pressure on companies to accommodate this within their security policies. Appropriate security technologies and guidelines need to be put in place to enforce mobile security controls.
    • Growth of managed security services
      We predict that more companies will seek managed security services this year. In 2014, we saw our managed security services offerings grow by more than 25%. Organisations are increasingly looking to dedicated managed security service providers to outsource security services due to the cost and difficulty of managing security internally.
    • Increase in internal security incidents
      We forecast an increase in internal security incidents, either intentional or accidental from employees, or trusted third parties, resulting in more focus on insider threat programmes for companies.
    • Theft of private information
      Hacking is an increasing threat, as very public incidents with Sony and Target have reminded us. This year, we expect theft of private information and data on devices to be one of the biggest issues facing consumers. Research shows that 92% of users store private information on their devices and loss or theft of this data would pose serious consequences. Ransomware infections which attempt to extort money from internet users are expected to be a major concern for consumers in 2015. Last year, extremely sophisticated phishing and spear phishing targeted individuals and resulted in stolen passwords, credit card details and fraudulent eBanking activities.
    • Security for outsourced functions
      In many cases where organisations outsource functions, proper security measures do not exist. It is critical that the security policies and processes surrounding outsourced functions are in place in order to avoid breaches and data leaks.
    • More “cloud first” strategies
      When it comes to cloud, we anticipate that more businesses will adopt “cloud first” strategies in 2015 due to their cost effectiveness and agility. However, a better understanding of security issues and challenges associated with cloud computing is needed to ensure successful outcomes.
    • Move to hybrid cloud
      More companies will move to hybrid cloud, where some services are moved to cloud and others are kept on-premise. It is cost effective and a low barrier to entry to cloud computing. It also means more sensitive information can be kept on-premise while less sensitive information can be kept in the cloud.

    Subscribe to our newsletter now to stay current with all things information security in 2015.

    Insights

    7 Recommendations for Sustainable Security

    Our recommendations for a more sustainable security approach are as follows:

    • Be proactive about risks
      Adopt an ongoing sustainable risk-based approach to Information Security and threat management. Resist the temptation to be driven by vendor and industry hype. Always assess the threats, their impact and likelihood of occurrence in the context of your organisation or business in a systemic way. Make mitigation decisions based on prioritised risk.

     

    • Continuously review likely impacts
      Continuously review threats as to where they are at in their impact or lifecycle curve. Review your strategy for dealing with these threats, particularly ones that are nearing, reaching or past their peak impact phase.

     

    • Consider the lifecycle
      Consider the threats in the context of your Information System’s lifecycle. If an Information System that is at risk from a threat is due to be retired before the threat’s high impact or peak phase, then it does not make sense to invest heavily in best of breed niche mitigation technology. Instead, focus on accelerating the retirement of this service so that it leaves earlier in the threat lifecycle.

     

    • Reduce the cost
      Look for opportunities to reduce the cost or impact of typically more expensive mitigation solutions for these near peak, peak or past peak threats. This opportunity might lie in resource, financial costs or performance. Look for infrastructure, software, vendor and resource consolidation or overlap opportunities to reduce budget and resource usage.

     

    • Consider resources
      Review new or emerging higher impact threats so that your resources are used where they are needed, which is typically for those newer or emerging higher impact threats.

     

    • Be agile
      Consider flexible and balanced Information Security budgeting and resourcing models to enable your organisation to deal with newly emerging threats that are a risk to your business, particularly for high risk threats.

     

    • Measure and report
      Have good reporting, intelligence and metrics in order to facilitate your risk and lifecycle based decision making.

     
    With these recommendations taken on board, there’s no reason to be caught out when the next over-hyped security threat inevitably emerges in the new year!

    Insights

    Sustainable Security: Effectively managing the peaks and troughs of…

    The battle against cyber warfare

    Between APTs, AETs and government/political sponsored cyber warfare, it seems like every three to six months a new Armageddon style threat emerges. If you were to believe all the hype, often presented by certain media outlets and some of the less responsible quarters of the Information Security industry, new threats to information systems and digital business would be the end of the world. Unless of course you buy their “army” of expensive technology or services for the battle to prevent this slaughter.

    Despite all of these threats, digital business, information systems and technology continue to flourish. They are the key drivers and enablers for the modern and prosperous times that we live in. Why is this when these technological “comets of doom” continue to threaten the digital world we live in?

    Security threats have been around for some time

    New or emergent high impact security threats have been with us almost since Information Technology began. Before the current crop of threats, there were Viruses, Trojans, Worms, SPAM, DDoS and ransomware. Does anyone remember when these emergent threats were hyped as the harbingers of doom of their respective day? Government/political and commercial sponsored spying and cyber warfare are not new or recent phenomena either. They have just been brought to the top of the agenda through revelations about the scale upon which they are happening, such as WikiLeaks and the mass surveillance exposed by Edward Snowden.

    Threat lifecycle

    In each case, these threats went through or are going through a typical lifecycle over time from emergence to outbreak, rising to a typically expensive peak impact followed by a sustainable, commoditised mitigation/operation. In each case the Information Security industry produced a management and mitigation strategy, usually comprising various combinations of technology, process and people.

    The initial hype phase for these threats has value to organisations and consumers in making them aware of the threat. The ongoing hype really has most value to the companies who are developing or selling the usually expensive technology, to help mitigate the issue.

    Sustainable Security: Effectively managing the peaks and troughs of threats

    Non-sustainable strategy

    • A strategy of ever-increasing security spend as a percentage of overall IT spend to counter the new and ever increasing amounts of threats is not sustainable.
    • A strategy of continual ad hoc point security solution spend to help mitigate every new emerging threat is also not sustainable. This spend is not sustainable in terms of its cost, skills, resources, incremental infrastructure or reduced systems/service performance level.
    • A strategy of treating all threats similarly in terms of their risk to the business and their point in the threat lifecycle is also not sustainable as it leads to diluted finite resource and budget.

    The solution is a sustainable security strategy

    A sustainable security strategy recognises how much risk a particular threat poses to their organisation and at which point it is in its lifecycle. A CISO employing this sustainable strategy balances their “portfolio” of threat according to the current and future likely risk from these threats.

    They make their mitigation decisions by determining if, when and how to implement appropriate mitigation. They rebalance their mitigation solutions and resources, particularly after a threat’s peak impact, in order to seek lower costs, less focus and fewer resources. This frees up financial and resource budget to tackle relevant threats in the emergent or high impact phase.

    To help manage a number of convergent peaks from a number of high risk threats, CISOs should employ flexible spending models such as MSSP or outsourced Security-as-a-Service (SaaS) as a bridge until the preferred safeguard is adopted or as a final solution if appropriate.

    In the second part of this blog…..

    we’ll recommend a number of best practice guidelines for a more sustainable security approach.

    Insights

    2014's Media Highlights for Ward Solutions

    The team at Ward Solutions has been in the media this year on a number of occasions. Follow the links below to see the highlights.
    Business and Leadership – Ward Solutions creating 22 jobs as part of €1.8 million investment.
    Silicon Republic – IT security player Ward Solutions to create 22 jobs in €1.8 million investment.
    RTÉ – New jobs announced for Meath and Dublin.
    TechCentral – Ward Solutions creates 22 jobs as part of €1.8 million investment.
    Business and Leadership – Ward Solutions secures €120k contract with Laya Healthcare.
    Sunday Business Post – Security Watch – Why BYOD is an issue for so many businesses.
    Sunday Business Post – Fraud failures indicate industry lapses.
    Sunday Business Post – Effective encryption not implemented in many businesses.
    Sunday Business Post – ICT Security 2014 – BYOD trend at work is a fresh challenge for IT.
     
     
     

    Insights

    Ward Solutions is making the headlines…

    Silicon Republic recently published an interview with Paul Hogan, our Chief Technology Officer (CTO) at Ward Solutions. The full text of the interview is below.
    “If a CIO does not maintain a strategic view, I don’t believe they could serve an organisation in the best manner,” says Paul Hogan, CTO at Ward Solutions. Security player Ward Solutions has experienced an average year-on-year growth rate of 20pc over the past two years and predicts this growth will accelerate further to 30pc per annum for the next two years. The company expects to achieve revenues in excess of €10m by 2016.
    In August, the company confirmed plans to create 22 new jobs at its Dublin and Belfast offices as part of a €1.8m investment to fund its expansion. This will bring the total headcount to 80 before the end of 2016. As well as the new jobs, Ward Solutions will be upgrading services delivered via its Security Operations Centre in Citywest, Dublin. This includes the enhancement of services such as managed security, digital forensics, e-discovery and security analytics.
    Can you outline the breadth and scope of the technology roll-out across your organisation and what improvements it will bring to the company?
    There are two ways we look at information technology in the business: firstly to support the ‘internal’ workings and secondly how we use IT to assist in delivering solutions to our clients. A solution such as a Secure Managed Service, whereby we would operate and support a full stack infrastructure for a client in a highly secure manner, would be very difficult if not impossible to achieve without a significant reliance on information technology. Other solutions that are services heavy, such as Threat Based Risk Assessments, also require specific IT solutions, and when we develop secure applications for clients, there is a vast array of software that we rely on.
    What are the main points of your company’s IT strategy?
    Fundamentally IT is a business enabler for Ward Solutions and it’s pervasive for all that we do in admin, finance, sales, operations and management. Through the use of IT we look to increase business value, reduce costs, and most of all deliver excellent service and quality for our clients.
    In terms of managing IT budgets, what are your key thoughts on how CIOs/heads of technology should achieve their goals?
    Depending on the industry a CIO is operating in, there are metrics, such as per cent of a company’s revenue spend on IT, which the CIO needs to be aware of. Although this can help inform IT investments, planning and assumptions, it is important that the CIO can relate this back to specific objectives within the organisation, and articulate that at board level.
    How complex is the infrastructure, are you taking steps to simplify it?
    As an organisation that has grown rapidly over the last number of years, our IT estate has grown, as well. Having said that, we have looked to consolidate and optimise and currently operate our own ‘private cloud’ infrastructure, as well as using public and private cloud solutions from Microsoft. Although the underlying infrastructure may be quite complex, the experience to the end user – whether internal or a client – should not be. Again, if you take our Secure Managed Services offerings, there are a lot of underlying technologies and management systems that we use to keep the service running which the client is generally unaware of, but at the same time can get access to reports and dashboards showing the state of their service.
    Do you have a large in-house IT team, or do you look to strategically outsource where possible?
    All our IT is performed in-house, we do have support contracts with vendors for specific products that we use typically for third-line support. Outsourcing is a major consideration for a lot of CIOs, but not as much with us.
    What are some of the main responsibilities of your own role, and how much of it is spent on deep technical issues compared to the management and business side?
    In this role, I have had to step away from deep technical issues a number of years back to maintain a more strategic view of IT within Ward Solutions. I do believe it is important for the CIO to keep reasonably up to date with latest and emerging technologies and their potential application within the organisation, and this can be done without having to get “your head under the hood”. If a CIO does not maintain a strategic view, I don’t believe they could serve an organisation in the best manner and runs the risk of missing the bigger picture if looking at deep technical issues.
    What are the big trends and challenges in your sector, and how do you plan to use IT to address them?
    Innovation is key for us, it’s critical that we are always looking at new products and services to meet the demands of our customers. As a security services provider, the majority of these require an element of IT for delivery or support. In the area of Secure Managed Services we are constantly adding services to the catalogue which have a key reliance on IT. For example, we recently renewed our eDiscovery offering, which required a significant investment in software, servers and storage.
    What metrics or measurement tools do you use to gauge how well IT is performing?
    Firstly, we see if we can run IT to the budget allocated, but that’s not the full story. Internally, as part of our employee satisfaction programme, we would determine if IT is delivering to the expectations of our staff from all areas of the business and externally.
    Are there any areas you’ve identified where IT can improve, and what are they?
    There is nothing specific that stands out, however, as an organisation, we strive for continuous improvement across all areas of the business under a LEAN/six sigma programme, and that applies to IT, as well. Additionally, we are working towards the ISO 9001 certification, and we would expect to see some improvements in IT within that process.
    What other projects do you have lined up for the year, and what will they contribute to the business?
    We are looking at deploying a new professional services automation (PSA) tool. This should make us more efficient in terms of how we run our business initially in the areas of resource utilisation and project management, which is the internal view, but also will deliver value to our clients in terms of easier ways to interact with us for service and support-related issues. In particular, we see lots of potential in running the Secure Managed Services offering in a more efficient and streamlined manner. The longer-term benefits accruing to the business would be realised when we fully integrate our CRM and finance packages, as well.
    Read the full story on Silicon Republic here.

    Insights

    The 5 Pillars That Ensure Practical and Sustainable Incident…

    Welcome to our final blog in this particular information security series where we bring you pillars 4 and 5 that will ensure practical and sustainable incident response within your organisation.
    4. Resources and accountability
    As with all plans and processes they are useless unless they have adequate resources and accountable roles. The Incident Response resource pool needs to be staffed by interested and willing stakeholders from all levels in the business, with suitable skills and tools.
    It needs to address or encompass all identified roles from technical through investigative, incident supervisors, communication and public relations, legal, HR, impacted business units function heads etc., with any associated geographic spread.
    Organisations frequently forget to include, consider and contract relevant key suppliers, service providers, partners and customers in their plan. Organisations also need to consider the tools they might need. Smart tool selection on the part of information security means that tools for incident handling are part of your prevention/mitigation strategy. It also means they have an important role to play in detection and incident handling, giving you best bang for your euro.
    The tools you need to ensure information security:

    Purpose / Tool

    • Detection
      Database Activity Monitoring (DAM); IPS/IDS; SIEM; DLP; Anti-Malware endpoint, gateway
    • Analysis / Investigation
      Network Forensics; Digital forensics; Network Analysis; Systems Management and Monitoring tools; Provisioning tools; Log Management, analysis and Audit tools
    • Incident Management
      Incident case management tools – mobile, cloud and on premise; Support, ticketing and tracking tools; Knowledgebase and support tools; Incident management extensions to detection tools; Collaboration, and workflow environment; Communications technology – phones – fixed and mobile, conferencing, mobile devices – laptops, tablets, PDAs; Incident management training tools
    • Prevention/Mitigation
      Most standard Information Security technologies such as: Firewalls, WAFS, UTM’s, NGFW; Web and email Gateways; Anti Virus / Anti Malware – endpoint, application; AET/APT mitigation technologies such as Quarantine etc.; SIEM; IPS/IDS; Network and endpoint DLP; DAM; Encryption; Vulnerability Management and AST; Configuration and patch management; Identity and Access Management

    5. Sustainability
    Any Incident Response process should be part of your day-to-day operations, from small through to critical information security incidents. Your process simply needs to be scalable, flexible and appropriate.
    For example, a minor malware infection on a single unimportant workstation might not warrant C level notification, rolling out the in-house solicitor and PR machine. However if you follow a standardised process for each incident then you are continuously validating and refining your process and skills for the big incidents and consistently improving your prevention and mitigation by applying lessons learned.
    Our Advice…
    The bottom line: Change the conversation within your business, acknowledge that significant security incidents will occur. Mobilise your business to hone your response efforts beyond simple DRP to cover all likely information security incident scenarios in equal measure to prevent, detect and reduce the costs of a breach to your business. The alternative is an immature incident response approach, costing up to 20 times more to rectify. That’s an alternative that your business doesn’t need. Plan ahead and protect your future.

    Insights

    The 5 Pillars That Ensure Practical and Sustainable Incident…

    Welcome to the fourth blog in our information security series where we guide you through five pillars that will ensure a successful incident response programme for your organisation.

    In our experience, organisations tend to over-complicate their approach to incident response. The pitfalls we have come across are creating silos, impractical approaches, poor and complicated communication with the business (before, during and after) resulting in ineffective response capability, weak management commitment and little or no resources and agreed plan to act.

    IT incident response is really simple if you approach it clinically. It is about:

    Restoring normal business operations dependent on Information Systems that have been disrupted by some incident, as quickly as possible with minimal impact to the business and preventing similar incidents from having significant impact on the business in the future.

    1. Gain executive support

    You need a simple and effective communication plan to make the executive aware of the overall risk, impact and likelihood of incidents occurring to the Information Systems of the business. Achieve awareness by using strategic language and a manner that is appropriate and relative to an executive. Use language such as AETs, SIEMs, CSIRTS etc. and you will have lost them. However, expressing the impact of downtime of your e-commerce channel in €XX,000’s per hour with an externally validated high likelihood of a sustained outage as a result of significant underinvestment in securing this channel will get their attention.

    What you want from the executive is a mandate for your plan to address those risks proactively and reactively. You also want one or more executive sponsors permanently attached for the sustainability and operation of your incident response plan, as well as your overall Information Security Management System.

    In our experience, Business Continuity Programmes or Disaster Recovery programmes are terms and concepts that executives are more than aware of at a business governance level. Therefore they typically gain easier acceptance and sponsorship.
    IT and IT security often miss an opportunity to “Trojan horse” the broader set of security risk/incidents and incident response under BCP or DRP umbrellas (and budgets) by being too narrowly focused on “disaster” scenarios only, rather than including all important information security incidents that have potential to significantly impact the business.

    2. Defined agreed objectives and scope

    Organisations that have mature Incident Response capabilities typically have crystal clear objectives for their response plan and understand the scope of the systems and processes that need to be managed under the plan. They can also articulate relevant objectives to all levels of the business in a compelling fashion.

    3. Documented, communicated, workable process and plan

    Your organisation’s Incident Response process and plan should be well documented and communicated. It should be backed by simple policy and procedures and cover all of the following major phases of incident response, which we detail below.

    Communication Phase

    This is not so much a distinct phase, rather a critical requirement through all phases, including prior to the incident. An effective communication plan tells the right people when things are normal and when they are not. It tells the right people the right amount of information at the right time. A good plan won’t over-dramatise events as this risks “crying wolf” syndrome. It should also tell people what is needed or what they need to do at key points in time and it should follow up and close the loop. Communication should orchestrate the plan when an incident is occurring.
    Information Security should take their lead from other compliance roles, such as health and safety. Your Incident Response communication plan should also communicate the effectiveness of your prevention/deterrence actions by outlining how long you have been without significant Information Security incidents. That way information security and your Incident Response plan stay on the agenda all the time!

    Detection Phase

    Review your detection mechanisms to ensure you are minimising your exposure time and that the incident is real, i.e. not a false positive.

    Assessment & Triage Phase

    Figure out what is going on and determine immediate actions to try and achieve your objectives. Remember the typical goal is to restore services in the shortest time with minimal impact. There may be a low risk quick fix to do this without waiting to follow subsequent phases. However, the Hippocratic oath is relevant in this context. Whatever you do, “first do no harm”.
    This phase might also need some level of detailed forensic investigation to try and pinpoint the problem source and impact and possibly preserve evidence for legal, civil or compliance litigation purposes.

    Mitigation Phase

    Once you have a fuller picture of what is happening, work to put in place a sustainable solution to address the problem. Speed is typically of the essence to minimise impact so you may need a phased plan for short and longer term mitigation.

    Recovery Phase

    Recovery is the execution of the process to restore BAU, business as usual, enabled by the mitigation.

    After Action Review Phase

    Continuous improvement means that once you have learned key lessons from the incident, the organisation takes the lessons on board and puts in place the necessary systems, resources and processes to prevent similar incidents occurring or having impact in the future.
    CISOs or CIOs can usually make the “unanticipated incident” justification for significant events once or maybe twice in their careers within an organisation. Organisations and their IT function have traditionally been shy about sharing the fact that they have had a security incident, whether within the organisation or with affected parties. As part of “changing the conversation”, wouldn’t it be really refreshing to get an email from your service provider along the following lines?

    “Dear valued customer,
    Today we had a sustained outage of over 2 hours resulting from a denial of service attack originating from a compromised set of computers in data centres in Asia, targeting our online store. From our investigations none of your data was compromised during the incident as the result of strong security measures that we have put in place since our inception. Since the denial of service attack, we have further revised our other perimeter security solutions and we have put in a best of breed DDoS service.
    Though similar and other attempted attacks are continuing, our service is back to near normal. We will continue to work with our ISPs and local and regional law enforcement to ensure the continued protection of your data in any future security incident.”

    I would trust and value that level of honesty from my internal or external service provider far more than sustained silence or a one line notification of an outage with an apology.

    Pillars 4 and 5

    We’ll leave you with that wealth of information this week. Next week, we bring you the final two pillars that will ensure practical and sustainable incident response. In the meantime, follow our posts on Twitter and LinkedIn to keep up to date with information security.

    Insights

    What An Incident Security Plan Could Mean For Your…

    Welcome to our third blog in this short series which takes a look at the varying costs of security incidents, which depend on the strength of the response put into place. Well documented research and evidence from reputable organisations such as Ponemon points to the all-in costs per record of a data breach/data loss incident – ranging up to €160 per record per incident – for organisations that don’t have a well documented and rehearsed security incident response plan.
    Bringing Down The Cost
    For organisations that invest in well-developed and rehearsed security response plans prior to the loss or breach – they can potentially bring those costs down to an average of €13 per record breached or lost.
    So the range of costs for say a 20,000 record breach would be €3.2M for a company with an immature incident response plan to €260,000 for an organisation with a mature incident response plan. Both sets of cost are significant, however it is up to 20 times more expensive for the same scale of breach for organisations with an immature incident handling process.
    In Our Experience…
    Our experience of helping customers to respond to such incidents backs up this research. Responding to incidents where an organisation is not prepared is typically a car crash scenario. Unplanned reactions in a lot of cases aggravate the incident both at a technical and business level. How many clumsy media statements have we seen from organisations undergoing an incident?
    Anxious to respond to the media pressure of the initial incident, they later have to row back with press releases and customer communication details, confirming that they don’t know the basics of what, how, how many, who, when or for how long.
    Helpful Response Plans
    Helping organisations who have a thorough, documented, rehearsed and maintained incident response plan is different. The incident still happens, but the organisation goes through phases of incident response in a structured and well executed manner.
    People throughout the business understand their roles and responsibilities. Communication channels are clear. External agencies and suppliers are identified and notified. Legislative responsibility is understood. These organisations typically minimise their exposure time, minimise the likelihood of aggravating actions, minimise data loss and restore normal service and business faster.
    They also usually preserve or maintain digital evidence so the event can be investigated properly, and prosecutions (civil, criminal or other) can be brought successfully if required.
    Competence Intact
    Most importantly, despite a potentially damaging event, the organisation appears competent thus reassuring their customer and partners, and stands a better chance of surviving the incident and improving their security processes in the future.
    Next Week…
    We talk you through what your Incident Response plan should include and how best to maintain it.

    Insights

    What It Takes To Really Protect Your Data

    Information security in business

    As security professionals, we understand and focus on proactive and reactive security measures and technologies, concentrating the majority of our efforts on trying to prevent and detect incidents. We understand and are comfortable with prevention technologies such as firewalls, perimeter gateways, endpoint protection technologies, DLP and IPS systems.

    Familiar Focus

    We are familiar with auditing and testing the environments, writing policies and training users. We then tend to focus our next effort on detection solutions such as IDS, Quarantine/AET/APT and SIEM systems.
    Psychologically these detection solutions are less appealing to us as they are an explicit acknowledgement that our prevention strategy will most likely fail. Nonetheless we are keen to detect in order to reduce our exposure time and minimise the impact of breaches. All of these solutions and services may be perfectly valid, appropriate and justifiable to help reduce the impact of likely security incidents as part of a structured Information Security Management System.

    Response

    The area that tends to receive least focus is “the respond” piece. Organisations develop and rehearse Disaster Recovery plans either on their own or as part of business continuity plans because financial auditors and insurers mandate it. Organisations tend to leave their respond efforts there – compliance box ticked.

    Disaster recovery response planning is for one specific scenario for a set of specific security incidents. There are lots of other security incidents such as data breach or data leakage, malware or ransomware outbreak and loss of critical service incidents (accidental or DoS/DDoS) that might not require or invoke any disaster recovery protocols. They still warrant a carefully documented and rehearsed IT and business-wide response.

    Next time..

    In our next blog, we use our specialist security knowledge to tell you the importance of a thorough, reliable incident security plan.