Proactivity in Cyber Security incident response planning

Proactive Incident Response

Incident Response (IR) is a process for managing disruptive cyber events. It comprises several incident handling techniques and phases that help businesses detect, analyse, contain, eradicate, and recover from various types of cyber events. Cyber events range from computer malfunctions and defaced websites to exceptionally disruptive Denial of Service (DoS) attacks such as ransomware. Additionally, the National Cyber Security Centre (NCSC) in the UK includes accidental incidents, such as damage from fire or flood, in its definition of ‘incident’. Preparing for IR is therefore also planning for Business Continuity, a vital requirement for all organisations. However, deploying incident handling techniques following a cyber-attack or data breach is not straightforward and can be challenging for businesses. The process requires technical consultancy to support each phase of the IR plan: for example, to produce bespoke policies, response procedures, communication protocols, training, an IR team, and the right toolkit. These requirements are typically tailored to several factors, including business functions, priorities, infrastructure, and budget.

When to develop an Incident Response Plan?

As soon as the business is formed and begins to engage with stakeholders in the supply chain. For a small business, it is expected that (at least) a basic IR plan is in place. A basic plan includes key contacts, escalation criteria, and a basic incident life cycle (this can be a flowchart), supported by guidance on legal and regulatory requirements. Eventually, a more comprehensive plan for proactive incident response will be needed to support business continuity.

Is my Incident Response plan good?

Other useful questions to ask include, but are not limited to:

  • Is your Incident Response plan reactive or proactive?
  • How do you utilise Cyber Threat Intelligence (CTI)?
  • Do you have a post-incident activity within your plan?

Incident response as a term is reactive, so it is no wonder that a proactive approach to incident response is a foreign concept to many businesses. However, it is critical to understand that while disruptive technologies (such as Cloud Computing, Virtualisation, IoT, and AI-powered software) introduce business opportunities, they inevitably continue to expand the threat landscape in our fragile cyber ecosystem. For example, consider the systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality. The myriad sensors could increase data collection capabilities for businesses and facilitate process automation aided by Artificial Intelligence (AI), but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail [1]. Recent headlines illustrate the point: “home working increases cyber-security fears”; “hackers threaten to leak plastic surgery pictures”; and a hacking campaign that compromised the infrastructure of SolarWinds, as a result of which UK security analysts are trying to determine the impact of the campaign on the UK.

These are a few of many examples to show that proactive cyber defence is needed to move your plan towards next-generation incident response planning. This would typically include:

  • Cyber Threat Intelligence (CTI) for proactive Incident Response: using an intelligence-led approach to optimise your incident response planning.
  • Adaptive Response: the ability to respond in a timely and appropriate manner.
  • Analytic Monitoring: monitoring for and detecting adverse actions and conditions in a timely and actionable manner.
  • Trustworthiness: immutability, transparency, traceability, and integrity [2].
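The following Python script is an added example, not code from the original post or from the University of Wolverhampton, that ties together three of the elements discussed on this page: the escalation criteria and key contacts of a basic plan (the "When to develop an Incident Response Plan?" section), CTI-led analytic monitoring of log data (the first three bullets above), and a tamper-evident record of what was detected and who was notified (the trustworthiness bullet: immutability, traceability, integrity). The log lines, the CTI indicators (drawn from reserved documentation ranges), the escalation contacts and the detection thresholds are all constructed for the example; a real plan would source them from the business's own CTI feed and contact list.

```python
"""Added example: a minimal proactive IR loop.

1. Analytic monitoring: parse log lines and match them against CTI indicators
   and a simple behavioural rule (repeated authentication failures).
2. Escalation criteria: map alert severity to a key contact.
3. Trustworthiness: record every alert in a SHA-256 hash chain so that later
   tampering with the incident record is detectable (traceability/integrity).
"""
import hashlib
import json
import re
from datetime import datetime, timedelta

# Constructed CTI feed. The values use reserved documentation ranges/TLDs
# (RFC 5737 TEST-NET-3 and the .example TLD) and are not real indicators.
CTI_INDICATORS = {
    "ip": {"203.0.113.45"},
    "domain": {"update-check.example"},
}

# Hypothetical escalation criteria: which key contact is notified per severity.
ESCALATION = {
    "high": "IR lead (phone) + legal/regulatory contact",
    "medium": "IT on-call (email/chat)",
}

# Constructed log lines in a simple "<timestamp> <source> key=value ..." shape.
LOG_LINES = [
    "2024-03-01T08:00:01Z fw dst=198.51.100.7 action=allow",
    "2024-03-01T08:00:05Z fw dst=203.0.113.45 action=allow",
    "2024-03-01T08:00:10Z auth user=alice result=fail",
    "2024-03-01T08:00:12Z auth user=alice result=fail",
    "2024-03-01T08:00:14Z auth user=alice result=fail",
    "2024-03-01T08:00:16Z auth user=alice result=fail",
    "2024-03-01T08:00:18Z auth user=alice result=fail",
    "2024-03-01T08:00:20Z dns domain=update-check.example rc=NOERROR",
    "garbage line",  # malformed input must be skipped, not crash the monitor
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    fields["ts"] = ts
    fields["source"] = m.group("src")
    return fields


def detect(lines, fail_threshold=5, window=timedelta(minutes=1)):
    """Analytic monitoring: CTI indicator matches and repeated auth failures."""
    alerts = []
    failures = {}  # user -> timestamps of recent failed logins
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Intelligence-led rule: any field that matches a CTI indicator is high severity.
        for key, kind in (("dst", "ip"), ("domain", "domain")):
            val = ev.get(key)
            if val and val in CTI_INDICATORS[kind]:
                alerts.append({"severity": "high", "ts": ev["ts"].isoformat(),
                               "reason": f"CTI match {kind}={val}"})
        # Behavioural rule: N failed logins for one user inside the window.
        if ev.get("result") == "fail" and "user" in ev:
            recent = [t for t in failures.get(ev["user"], []) if ev["ts"] - t <= window]
            recent.append(ev["ts"])
            failures[ev["user"]] = recent
            if len(recent) == fail_threshold:
                alerts.append({"severity": "medium", "ts": ev["ts"].isoformat(),
                               "reason": f"{fail_threshold} failed logins for {ev['user']}"})
    return alerts


class IncidentLog:
    """Append-only, hash-chained incident record (tamper-evident, not tamper-proof)."""

    def __init__(self):
        self.entries = []

    def append(self, alert, contact):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"alert": alert, "escalated_to": contact, "prev": prev}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.entries.append({**body, "hash": digest})
        return digest

    def verify(self):
        """Recompute every hash; any edited or reordered entry breaks the chain."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def run(lines):
    """Monitor, escalate per the criteria, and record; returns (alerts, log)."""
    alerts = detect(lines)
    log = IncidentLog()
    for alert in alerts:
        log.append(alert, ESCALATION[alert["severity"]])
    return alerts, log


if __name__ == "__main__":
    found, record = run(LOG_LINES)
    for entry in record.entries:
        print(entry["alert"]["severity"], entry["alert"]["reason"], "->", entry["escalated_to"])
    print("record intact:", record.verify())
```

The hash chain only makes tampering detectable; to give it the immutability the page asks for, the chain head (the latest hash) would need to be anchored somewhere the incident handlers cannot rewrite, such as a write-once store or an external timestamping service.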

What is the impact of Industry 4.0 on Incident Response planning?

Have you thought about the impact of the Fourth Industrial Revolution (or Industry 4.0) on your business? It is the ongoing automation of traditional manufacturing and industrial practices using modern smart technology, and it is closely associated with large-scale communications within Smart Cities. We actively research emerging challenges and have recently published new findings to help businesses understand how the state of the art is developing in the cyber resilience and incident response aspects of cyber-physical systems (CPSs) in smart cities [3]. The full report can be accessed free of charge at: https://doi.org/10.3390/smartcities3030046

How can we help?

SOLVD can help you to engage with the cybersecurity team at the university to explore the potential of developing a next-generation Incident Response plan for your business or other collaborations in cybersecurity.

Finally, please email us at solvd@wlv.ac.uk if you wish to be notified of future digital technologies events for SMEs, or to get in touch with our experts.

Blog by: Dr Haider al-Khateeb. Deputy Director of the Wolverhampton Cyber Research Institute at The University of Wolverhampton.

References

[1] https://doi.org/10.1109/ICGS3.2019.8688297

[2] https://doi.org/10.1109/TEM.2021.3053655

[3] https://doi.org/10.3390/smartcities3030046