Incident Response Readiness
Incident response is the regular practice of identifying, mitigating, and reporting cybersecurity threats. Most organizations aren’t prepared for the inevitable even though it’s state and federal law.
A cybersecurity breach for your organization is inevitable. Neither government, nor any type of service or product can prevent this certainty. While politics and pandemics rage, hundreds of businesses are destroyed and thousands of lives are ruined daily by cybersecurity incidents. For years, we raced to notify customers of imminent threats and preventive actions before the misinformation of the media. Eventually, we recognized the cycle of reactive panic and paranoia and stopped it.
Security Incident Myth
The common belief is that cybercriminals are easily hacking every technology. While it’s true most consumer devices are easily accessed, the reality is that 90% of security incidents are due to human error. TV and movies portray soldiers or police eliminating cyber-terrorists or arresting cyber-punks. However, there is no Geneva Convention for cyberwarfare and cybercrimes are rarely solved.
There is no guarantee that cybersecurity insurance will pay your claim. For the average business it often means bankruptcy either immediately or in a few years. The burden is devastating with unexpected expenses, lost customers, lower revenues, disgruntled employees, and damaged reputation.
Cunning Pitch
If you do a search for “Incident Response”, you’ll see ads from AT&T to CDW – along with various cybersecurity products. Incident response is a straightforward business process and not a monthly monitoring service or expensive consulting package.
Don’t delegate your responsibility to a distributor or Internet Service Provider, as they don’t have the expertise or ability to identify threats, much less correct them afterwards (which also makes any reporting suspect). The main reason these players offer incident response services is that they’ve had to learn from various data breaches of their own.
Common Story
For the last 20 years, it’s been the same story over and over. There’s a cybersecurity incident at some organization. If it’s a big brand, government target, or recognized celebrity then there is a media frenzy with a terse public statement by the victim followed by wild speculation of inept practices or sophisticated cybercriminals. The bigger the dollar loss or individual privacy violated, the better the story.
Fines are paid. Lawsuits are defended. Insurance claims are filed. Forensics experts are hired. Marketing statements are published. Customers are notified.
Information technology personnel get new systems and the rest of the staff get a brief webinar. A quarter later the public statement is removed from the website, the incident is forgotten, and business returns to normal – until the next time.
Reverse Approach
What if you reversed the problem? Instead of ignoring the inevitable and reacting afterward, what if you published your process for incident response before any security incident? Incident response readiness shows your commitment to protecting customer privacy and allows a quick and minimal update when there is a cybersecurity threat. It’s actually been a requirement by your state and the IRS and FTC since 2018, along with having a security plan.
The next thing most organizations don’t have in place is regular data breach training with a security awareness score overall and by employee. Often security policies are only mentioned at time of hire. All the effort and expense is put into trying to prevent an attack with cybersecurity products and services, but little effort is made to educate staff, who 90% of the time fall for phishing and other scams with no hacking by cybercriminals.
Stop guessing and hoping your staff won’t fall victim to a scam and know your Employee Secure Score (ESS). Request free Data Breach Training today.
Insider Problem
The VP of Sales receives an e-mail from a vendor requesting payment that is late, along with some wiring information. It’s a critical customer project that will be quite lucrative for the firm, so he forwards it to Accounts Payable, copying the rest of management so they are aware. 45 days later the vendor contacts the VP again and he confirms that the wire was already sent. It’s only then that he realizes the e-mail address wasn’t the same and the wiring information was for a different company in Russia.
He wasn’t hacked. Neither he nor anyone on the team read the e-mail closely. Accounting also didn’t confirm the wiring information. No password protection or software would have prevented his action. $400K was wired away, which is not covered by the FDIC, and nothing can be done about a standard banking transaction over 30 days old. Unfortunately, this story happens virtually every day.
Incident Response Red Alert
In the first 45 days of the year, dozens of companies have been breached, from the heavily hyped SolarWinds and Mimecast to the lesser-known Ubiquiti and Pixlr. For clients or prospective clients, we have this notice published:
- Matrixforce is NOT a SolarWinds or Mimecast customer.
- Matrixforce does NOT sell customer information for advertising services.
- Matrixforce does NOT utilize third-party contractors.
- Matrixforce has NO customer data stored on our corporate network.
- Matrixforce provides Vetted IT Support and publicly publishes supporting government- and industry-verified criteria for suitability and trustworthiness.
Every organization is required to practice and publish regular incident response by state and federal law, yet few have been informed because the “experts” they depend upon are inept or uninformed.
In 30 minutes a licensed cyberist can give you the answers you need to compare any IT service provider and decide if we’re a fit for you – at no cost or obligation.