Cybersecurity Best Practices

Anatomy of a Breach, Client Case #1: The Importance of an Incident Response Plan

Written by Michael Nelson, MBA, CISSP | Jun 28, 2023 7:15:07 PM

In this first edition of our series, Anatomy of a Breach, we take a look at a client of ours who suffered from a breach but did not have a response plan in place (or cyber liability insurance). Here’s a look into the situation, how it was resolved, and important tips for other businesses that may be in similar situations.

The Breach

A construction company reached out to us after realizing their systems had been breached. All of the company’s workstations “went white.” This is often an indication that systems have been infected with a White Screen virus, which is a common malware that effectively kills all screen and keyboard functionality, locking a user out of their computer. In this attack, every asset the company had was compromised and its operations were completely shut down. 

To make matters worse, this company did not have an agreement or established partnership with Tech Heads at the time, and without critical context about their network infrastructure, we were already working against the odds.

The Response

We quickly called on our trusted partner Arctic Wolf to aid us in our response. Together we dedicated a lead engineer to manage the incident response, ensuring that all of the best practices were being followed, with coordinated collaboration between Tech Heads, Arctic Wolf, and the client.

Due to the severity of the breach, the client’s network and operating systems were down for several days. However, in retrospect, thanks to our detailed processes, following all six critical phases of an incident response plan, and effective response management, we were able to get the company back up and running relatively quickly, which was understandably imperative to the client.

When IT infrastructure goes offline with no warning, the effects can be devastating, especially for SMBs. One study found that a single hour of downtime can cost SMBs $8,600, with an entire day of downtime costing close to $70,000. 

Important Factors to Consider

Despite getting their systems back up and running, it cost the client well into six figures to resolve this ransomware attack.

With no cyber liability insurance, this meant the bulk of the expenses came out of pocket. Fortunately, our client could afford the bill. However, that is not the case for many SMBs.

Could your business plan for a $200,000 recovery bill, or worse yet, a $5 million ransom? The cost alone could force a business to close — either due to major financial loss or reputation damage. 

It’s also important to note that without an established incident response plan, this client’s network was down for longer than it would have been if they had a plan and specific protocols in place. 

According to IBM, it can take a company about 197 days to identify a breach and almost 69 days to contain one. IBM found companies that can contain a breach in less than 30 days, on the other hand, save more than $1 million compared to those that are closer to the average response time. 

Cybersecurity incident response plans allow cybersecurity professionals to effectively diagnose, contain, and respond to attacks in a timely manner in order to protect organizations from bad actors. Such plans are also increasingly required by cyber liability insurance providers.

The Takeaways

Responding to a cybersecurity incident is already stressful, particularly for SMBs with an under-resourced IT team or no team at all. That’s why it’s important to have a comprehensive incident response plan in place, one developed by experienced cybersecurity professionals who consider all of the critical best practices to preserve your business operations, revenue, and reputation.

Partnering with a Managed Security Service Provider (MSSP), like Tech Heads, ensures that you have a collaborative partner in your corner with all of the skills and experience necessary to help secure your business. More specifically, our Managed Detection and Response tool THInc. Patrol, provided in partnership with Arctic Wolf, offers an intelligent, responsive monitoring solution built for SMBs like yours. THInc. Patrol ensures that you have eyes on your network perimeter 24/7 to reduce vulnerabilities, respond immediately to threats, and protect what’s most important to you.

Actionable Insight:

Incident Response Plans

Cyberattacks are evolving every day, and with that, getting more complicated to deal with. Their impacts are increasingly disruptive and damaging, putting reputation, revenue, and customer trust at stake. It’s more critical now than ever before that an organization can identify and respond quickly to security incidents and events. Whether a breach is small or large, it’s imperative that small- and medium-sized businesses (SMBs) are prepared with strong incident response plans to mitigate the risks of being a victim of the latest cyberattack.

An incident response plan represents an SMB’s best chance of securing its systems and recovering from an attack. Every response plan should detail the following:

  • What defines a breach
  • The roles and responsibilities of the cybersecurity team
  • The tools required to manage a breach
  • The steps that will need to be taken to address a security incident
  • How the incident will be investigated and communicated
  • The notification requirements following a data breach

If you would like consultation on developing a comprehensive Incident Response Plan for your organization, Tech Heads can help. Contact Us Today!