{"id":2890,"date":"2021-05-24T12:04:50","date_gmt":"2021-05-24T12:04:50","guid":{"rendered":"https:\/\/itegriti.com\/kw022024\/?p=2890"},"modified":"2021-05-25T12:49:18","modified_gmt":"2021-05-25T12:49:18","slug":"smb-guide-to-incident-management-review","status":"publish","type":"post","link":"https:\/\/itegriti.com\/kw022024\/2021\/managed-services\/smb-guide-to-incident-management-review\/","title":{"rendered":"SMB Guide to Incident Management & Review"},"content":{"rendered":"

The cost of a data breach has remained consistently high over the previous few years. In its 2020 Cost of a Data Breach Report<\/a>, for instance, IBM found that the global price tag of a breach averaged $3.86 million. That\u2019s down 1.5% from a year before, but it\u2019s still consistent with previous iterations of the study.<\/p>\n

Understanding This Cost in Terms of Dwell Time<\/h2>\n

Numerous elements factor into the cost of a data breach. One of the most significant among them is dwell time, or the amount of time that elapses between when an attacker first infiltrates an organization\u2019s network and when they\u2019re caught. The more time that attackers have within a compromised network, the greater likelihood that the cost of the security incident will go up.<\/p>\n

Ricardo Villadiego, founder and CEO of cybersecurity company Lumu<\/a>, expanded upon this relationship as it relates to ransomware in an article for Dark Reading<\/a>:<\/p>\n

When attackers are able to remain undetected inside a network, they may spend weeks or months exploring it in-depth, trying to escalate privileges and leverage those permissions to push ransomware onto as many endpoint devices as possible. They can also use this time to identify critical network resources, such as system backups, network segments storing sensitive data, and other key systems that can be used to disseminate their ransomware widely.<\/p>\n

Seen this way, dwell time adds what Solutions Review<\/a> calls \u201cexponential damage\u201d onto a data breach. Greater dwell time potentially increases the parts of the network infiltrated and the number of accounts compromised, thus costing the organization more in time, legal fees, compliance penalties, and identity restoration services for victims. But it also increases the reputational damage when customers find out that the organization suffered a data breach but didn\u2019t notice for months or years. Such a realization could motivate customers to stop doing business with a victimized organization, thereby threatening its profitability and longevity.<\/p>\n

All of this is an issue in light of IBM\u2019s 2020 finding that the average time for an organization to contain a breach was 280 days. This data breach \u201clifecycle\u201d means that attackers on average have nearly a year to explore their victims\u2019 networks undetected.<\/p>\n

On the Need to Reduce Dwell Time<\/h2>\n

Small- to mid-sized businesses (SMBs) and other organizations need to have capabilities in place through which they can respond to an incident quickly and minimize dwell time. The reality is that many organizations don\u2019t have these means, however. In a survey of more than 800 CISOs, for instance, FireEye<\/a> found that the majority (51%) of respondents didn\u2019t believe they were prepared to, or would respond well in the event of a digital attack or data breach. The security firm also learned that nearly a third (29%) of organizations with incident management plans had not tested or updated them in at least the last 12 months.<\/p>\n

That\u2019s a problem. Every company experiences cyber incidents every day, even if they don\u2019t know about them. From random users forgetting their passwords, to true brute force intrusion attempts, cyber incidents are occurring constantly. Deciphering those cyber events that are normal from those that represent a cybersecurity risk needs to be SMBs\u2019 focus. As such, procedures that a company follows in order to identify incidents and respond appropriately make an enormous difference in not only pinpointing issues, but also in providing effective management and control of all responses to minimize negative business impacts.<\/p>\n

How to Augment Incident Management<\/h2>\n

Here are three things in particular that SMBs can do to bolster their incident management efforts:<\/p>\n