January 14, 2021 | By Sue Poremba

Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Without a solid security team, it is more difficult to get the rest of the workforce on board to meet challenges.

Cybersecurity Best Practices for Incident Response

Without best practices, entities are more open to cyberattacks, data breaches and compliance failures. This leaves them vulnerable in the current cybersecurity environment. 

Instead, companies need to be prepared for any attack. That requires advance planning on how to best mitigate any potential threat. Here are five ways to develop a well-orchestrated approach.

1. Time to SOAR

Several cybersecurity best practices involve streamlining existing tools. Too often, entities struggle to find ways for different solutions to work together. 

“Organizations tend to operate in disjointed security environments, employing an average of 45 different security tools, according to the Ponemon Institute,” writes Paola Miranda. 

IT decision-makers can better position themselves by adding a Security Orchestration, Automation and Response (SOAR) platform to their business. This solution focuses on three components designed to streamline responses to threats. Gartner predicts that by the end of 2020, about one-third of organizations with at least five security professionals will turn to a SOAR solution. It offers a way to plan by allowing teams to create a defined guide for a risk mitigation plan, to establish objectives based on company needs and to automatically use the tools that make the most sense. 

2. Look to MSSPs

Smaller companies with less complex systems can use a simpler option. In this case, turning to a managed security service provider (MSSP) could provide the options needed. 

The MSSP should offer a wide view of potential threats, rather than focus on one or two issues.

“There are multiple entry points into a company that cybercriminals can use, meaning that if an MSSP is focused on just email, cloud or endpoint, they’re leaving the customer susceptible to risk,” CRN reports.

The entire system needs to be covered by the MSSP, however, because threat actors will find openings.

3. Artificial Help

AI steps in when there either aren’t enough humans to do the job or when the job is too complex for humans. Machine learning (ML) is the type of AI that works best among other cybersecurity best practices. ML systems remember past cyberattacks — the type of attack and even the malware family — and will sniff out repeat offenders or detect changes in malware families. 

AI is also good at behavioral analytics. It detects anything out of the norm, whether it is the type of data transmitted through the network or the typing patterns and work hours of authorized users. AI is most helpful when an unauthorized user gains seemingly legitimate access through compromised credentials.

4. Have a Plan

If an attack does happen, your response plan is your most important weapon to prevent excess damage. Cybersecurity best practices include an incident response plan, which offers an outline on how to deal with every aspect of the attack. It should be a guide to how to find the intrusion, how to stop the intruder from doing any more damage and how to best address customers about possible data breaches and prevent reputational damage. Having an incident response plan in advance, including deciding who will be included on the repair team, gives you a blueprint to follow.

5. Make Cybersecurity Best Practices Second Nature

Even the best plan won’t work if people don’t know what to do. Addressing an incident well requires a well-oiled process, and that requires frequent drills and sticking to cybersecurity best practices. Just like your company holds fire drills, you need cybersecurity drills so the mitigation team’s behavior is natural.

Cybersecurity incidents can cause a lot of headaches, but by relying on tools and by planning for the worst before it happens, you can create a well-orchestrated approach even without having a full-time response team.
