Why do we need a Computer Security Incident Process

“The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come.”

--Confucius, Chinese philosopher

In the never-ending battle to maintain cyber security, no organization can rest in safety, because computer risks and threats exist perpetually. In 2014, identity theft resulted in more than 1 billion records of personally identifiable information (PII) being illegally accessed by cyber criminals. In 2015 the battle raged on, and the corporate damage and loss of reputation have been expensive for the companies and individuals involved.

Here is a list of the major global data breaches of 2015 reported in the media. The list includes the company name, the country of the incident and the number of personal records affected or stolen. These are the computer break-ins the public has heard about. The number of hacks and data thefts that go unreported out of fear of reputational loss is, without a doubt, far higher.

Major global data breaches in 2015:

  • Office of Personnel Management (US GOV) – the data breach affected 22 million government workers and contractors
  • IRS (US GOV) – the security breach affected approximately 100,000 taxpayers
  • Anthem (US) – the break-in affected about 1/3 of all Americans
  • Ashley Madison (US) – the computer security breach affected 37 million cheaters
  • Hacking Team (Italy) – the data theft affected an unknown number of public Internet users
  • UCLA Health (US) – the breach affected 4.5 million unencrypted records
  • Experian (US) – the computer breach affected 15 million T-Mobile customers
  • Carphone Warehouse (UK) – the breach affected approximately 90,000 customers
  • LastPass (US) – a password management company; it is not known how much data was taken
  • Patreon (US) – the data breach could affect millions of accounts
  • CVS (US) – it is not clear how many million CVS Pharmacy customers were affected by the security breach
  • Kaspersky Lab (Russian antivirus security firm) – no data was taken

According to the National Institute of Standards and Technology (NIST), security incidents fall into the following categories:

  • Distributed Denial of Service Attack (DDoS Attack)
  • Malicious Code
  • Malware
  • Unauthorized Access
  • Inappropriate Usage
  • Multiple Component

All of these cyber security incidents are considered a violation, or an imminent threat of a violation, of a computer security policy, an acceptable use policy, or standard security practices. A security incident or malicious attack will frequently compromise an organization’s systems, disrupt normal business processes and cause huge financial damage.

Having a sound incident response process helps an organization respond to security incidents in an effective and systematic manner when they happen. A security incident process helps the organization recover quickly and efficiently from a security breach, and therefore minimizes data spills and financial loss and speeds the return to normal business. Use the lessons learned from past incident handling events to better prepare and protect yourself from future incidents. Lessons learned also help companies handle the legal issues that follow any data breach.

To better prepare for future computer security incidents, the National Institute of Standards and Technology (NIST) recommends 9 specific actions. We have prepared a condensed checklist of these 9 recommendations to help you implement a security incident process. If you would like a FREE copy of the checklist just click this button.


Keeping company systems and data safe is a daunting task in today’s global cyber criminal environment. It requires careful planning, implementation, and persistent monitoring.

As Confucius said: “When all is orderly, he does not forget that disorder may come.” In the following series, we will discuss the security incident handling process in detail.