January 14, 2021 By Sue Poremba 3 min read

Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Without a solid security team, it is more difficult to get the rest of the workforce on board to meet challenges.

Cybersecurity Best Practices for Incident Response

Without best practices in place, organizations are more exposed to cyberattacks, data breaches and compliance failures, which leaves them vulnerable in the current threat environment.

Instead, companies need to be prepared for any attack. That requires advance planning on how to best mitigate any potential threat. Here are five ways to develop a well-orchestrated approach.

1. Time to SOAR

Several cybersecurity best practices involve streamlining existing tools. Too often, entities struggle to find ways for different solutions to work together. 

“Organizations tend to operate in disjointed security environments, employing an average of 45 different security tools, according to the Ponemon Institute,” writes Paola Miranda. 

IT decision-makers can better position themselves by adding a Security Orchestration, Automation and Response (SOAR) platform. The name describes its three components: orchestration connects the existing tools, automation executes routine steps without a human in the loop, and response guides the handling of the incident itself. Gartner predicts that by the end of 2020, about one-third of organizations with at least five security professionals will turn to a SOAR solution. A SOAR platform supports planning by letting teams encode their risk mitigation procedures as defined playbooks, set objectives based on the company's needs and automatically invoke the tools that make the most sense at each step.

2. Look to MSSPs

Smaller companies with less complex systems can use a simpler option. In this case, turning to a managed security service provider (MSSP) could provide the options needed. 

The MSSP should offer a wide view of potential threats, rather than focus on one or two issues.

“There are multiple entry points into a company that cybercriminals can use, meaning that if an MSSP is focused on just email, cloud or endpoint, they’re leaving the customer susceptible to risk,” CRN reports.

The MSSP needs to cover the entire environment, because threat actors will find whatever opening is left uncovered.

3. Artificial Help

AI steps in when there aren't enough humans to do the job or when the job is too complex for humans to do by hand. Machine learning (ML) is the type of AI that fits best among the other cybersecurity best practices. ML systems learn from past cyberattacks, down to the type of attack and even the malware family, and can then recognize repeat offenders or detect changes within a malware family.

AI is also good at behavioral analytics. It detects anything outside the norm, whether that is the type of data transmitted through the network or the typing patterns and working hours of authorized users. This is most helpful when an unauthorized user gains seemingly legitimate access through compromised credentials, since the login itself looks valid and only the behavior behind it is wrong.
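The behavioral baseline idea above, as an added example that is not code from the original article or from any product it mentions. It uses a plain statistical baseline rather than a trained ML model, and it assumes two behavioral features (usual login hours and usual source networks) that were chosen for illustration; the authentication events are constructed, not real logs.

```python
"""Flag logins that fall outside a per-user behavioral baseline."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample events: "<ISO timestamp> <user> <source IP> <outcome>".
# These are made up for the example, not real authentication logs.
BASELINE_EVENTS = [
    "2021-01-04T08:55:10 alice 198.51.100.23 SUCCESS",
    "2021-01-04T17:40:02 alice 198.51.100.23 SUCCESS",
    "2021-01-05T09:10:44 alice 198.51.100.41 SUCCESS",
    "2021-01-06T08:47:19 alice 198.51.100.23 SUCCESS",
    "2021-01-07T18:05:33 alice 198.51.100.41 SUCCESS",
    "2021-01-04T22:15:00 bob 203.0.113.7 SUCCESS",
    "2021-01-05T23:02:12 bob 203.0.113.9 SUCCESS",
    "2021-01-06T21:48:51 bob 203.0.113.7 SUCCESS",
]

NEW_EVENTS = [
    "2021-01-11T09:03:27 alice 198.51.100.23 SUCCESS",  # normal for alice
    "2021-01-11T03:12:09 alice 192.0.2.77 SUCCESS",     # off-hours AND unseen network
    "2021-01-11T22:30:00 bob 203.0.113.7 SUCCESS",      # normal for bob
    "2021-01-11T10:15:00 bob 203.0.113.9 SUCCESS",      # unusual hour, known network
    "2021-01-11T12:00:00 carol 198.51.100.50 SUCCESS",  # account with no history
]


def parse(line):
    """Split one event line into (timestamp, user, source IP, outcome)."""
    ts, user, ip, outcome = line.split()
    return datetime.fromisoformat(ts), user, ip_address(ip), outcome


def build_baseline(lines, hour_slack=1, prefix_len=24):
    """Learn, per user, the hours they normally log in (widened by
    hour_slack on each side) and the /prefix_len networks they log in from.
    Only successful logins contribute; failures say nothing about habit."""
    hours = defaultdict(set)
    nets = defaultdict(set)
    for line in lines:
        ts, user, ip, outcome = parse(line)
        if outcome != "SUCCESS":
            continue
        for h in range(ts.hour - hour_slack, ts.hour + hour_slack + 1):
            hours[user].add(h % 24)  # wrap around midnight
        nets[user].add(ip_network(f"{ip}/{prefix_len}", strict=False))
    return {"hours": dict(hours), "nets": dict(nets)}


def score_event(line, baseline):
    """Return the list of reasons this login deviates from the user's
    baseline; an empty list means the login looks like normal behavior."""
    ts, user, ip, _ = parse(line)
    if user not in baseline["hours"]:
        # A valid credential with no history is itself worth a look.
        return ["no login baseline exists for this user"]
    reasons = []
    if ts.hour not in baseline["hours"][user]:
        reasons.append(f"login at {ts.hour:02d}:{ts.minute:02d} is outside usual hours")
    if not any(ip in net for net in baseline["nets"][user]):
        reasons.append(f"source {ip} is outside known networks")
    return reasons


def detect(lines, baseline):
    """Run every event through score_event and keep the ones with reasons.
    Each alert is (user, timestamp, reasons); more reasons means higher
    confidence that the credential, not the person, is doing the logging in."""
    alerts = []
    for line in lines:
        reasons = score_event(line, baseline)
        if reasons:
            ts, user, _, _ = parse(line)
            alerts.append((user, ts.isoformat(), reasons))
    return alerts


if __name__ == "__main__":
    profile = build_baseline(BASELINE_EVENTS)
    for user, when, reasons in detect(NEW_EVENTS, profile):
        print(f"ALERT {user} @ {when}: " + "; ".join(reasons))
```

The two normal logins produce no alert; alice's 03:12 login from an unknown network trips both checks, bob's daytime login trips only the hours check, and carol is flagged because there is nothing to compare her against. Widening the hour window or the network prefix trades fewer false positives for a slower reaction to genuinely new behavior.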

4. Have a Plan

If an attack does happen, your response plan is your most important weapon to prevent excess damage. Cybersecurity best practices include an incident response plan, which offers an outline on how to deal with every aspect of the attack. It should be a guide to how to find the intrusion, how to stop the intruder from doing any more damage and how to best address customers about possible data breaches and prevent reputational damage. Having an incident response plan in advance, including deciding who will be included on the repair team, gives you a blueprint to follow.

5. Make Cybersecurity Best Practices Second Nature

Even the best plan won’t work if people don’t know what to do. Addressing an incident well requires a well-oiled process, and that requires frequent drills and sticking to cybersecurity best practices. Just like your company holds fire drills, you need cybersecurity drills so the mitigation team’s behavior is natural.

Cybersecurity incidents can cause a lot of headaches, but by relying on tools and by planning for the worst before it happens, you can create a well-orchestrated approach even without having a full-time response team.
