This year, Malaysia witnessed some of its biggest cyberattacks. This included a ransomware attack on a well-known local budget airline that saw the personal data of some five million people stolen, the theft of personal data of 22.5 million people from a national registry and a payment gateway data breach.
According to Cybersecurity Malaysia, there is an estimated 6,002 cybersecurity incidents reported as of September this year. The number of cases in a year has been consistently surpassing 10,000 since 2018 highlighting the need to strengthen cyber-defenses.
Oversights in cybersecurity have not only led to data breaches but also massive financial losses. Apart from financial concerns, the loss of sensitive data compromises trust and credibility of its customers, therefore making or breaking the reputation of an organization.
To improve their cyber resilience, many organizations have started leveraging cybersecurity-as-a-service (CaaS), a security model where outsourced specialists provide companies with cyber defenses and on-demand intervention. A popular service provided through CaaS is managed detection and response (MDR), which can help to enhance the protection levels of an organization with such things as 24/7 threat hunting, detection and response capabilities either as a fully outsourced service or as a way to fill gaps in an existing in-house team.
Whether an organization has invested in MDR or is managing their security in-house, they still need a comprehensive incident response plan to enable a quick response during a cybersecurity incident. By using MDR based on comprehensive response planning, organisations can establish a fully-fledged security operation that can withstand continuously evolving threats.
MDR is an Integral Part of an Incident Response Plan
One of the top frustrations of Malaysian cybersecurity professionals is not having enough skilled cybersecurity specialists to combat cyber threats. As such, with a lean in-house cybersecurity security team, active attacks can quickly become overwhelming. Managing multiple vendors, stakeholders and deployment tools during an emergency can be challenging and frustrating.
Not just that, an incident response plan will help to guide leadership and help them understand how severe the attack is to the organization. This will help to align their roles and responsibilities throughout the remediation process. In the absence of an incident response plan, it may be unclear whom to alert in the event of an attack.
Thankfully, the development of proactive response plans helps internal teams to assess multiple response protocols through rigorous mock scenarios and tabletop exercises. This exercise helps organizations strengthen their response muscles throughout the development lifecycle and identify problems with existing processes.
Additionally, it allows stakeholders the opportunity to develop internal alignment and prepare to integrate outsourced MDR to ensure that problems are less likely to occur in the first place.
Holistic incident response plans ensure all stakeholders know what to do during the entire remediation process. This approach also enables a streamlined relationship between all parties, which ultimately leads to faster threat neutralization.
5 Steps for Effective Incident Response Planning
You shouldn’t wait until a cyberattack to develop a holistic incident response plan. It will be too late. Ransomware is not slowing down along with the number of highly collaborative attack models. Now, every organisation is a target – it’s not a question of if you get attacked but when. Your response plan should integrate on-demand threat intelligence with support from qualified partners.
Keeping MDR in mind, follow these five steps as you develop your incident response plan:
- Stay agile. Some aspects of your incident response plan require a flexible approach. Be prepared to adapt to new threat evolutions—and to adjust your incident response plan accordingly.
- Prioritize cross-team collaboration. Cyberattacks affect all aspects of your organization. Ensure all teams—including finance, legal, marketing, PR and IT—are involved in decision-making and risk assessment.
- Maintain good IT environment hygiene. Robust IT environment hygiene minimizes the likelihood of incidents occurring—so routinely check your security controls and address any vulnerabilities.
- Keep a hard copy of your incident response plan. Always have a physical copy of your incident response plan on hand. If your organization is hit with ransomware, digital copies of your plan could be among the files encrypted.
- Leverage MDR specialists with incident response experience. Even experienced internal security teams benefit from MDR operations teams with extensive industry knowledge. These providers are well-versed in the specific threats you face and know how to respond swiftly and effectively.
By Sandra Lee, Managing Director for Greater China, Southeast Asia & Korea
21 December 2022