According to findings from the 2018 Ponemon Breach Report, the average cost (incident containment) of a compromised or lost record due to a breach was $148 per record and the cost savings of having an Incident Response program to address compromised/lost records would be $14 per record.
What is Incident Response?
Defining Incident Response
Before defining incident response, it should be understood what is meant by an incident.
An Incident is any unlawful/unauthorized action that involves a computer device, including IoT that has an Operating System and network connectivity.
Incident Response is a structured approach to validate, contain, and remediate malicious activity. This process starts at threat detection and is completed when there is resolution to the malicious activity.
Why is Incident Response Important?
An effective incident response program identifies, validates, and remediates incidents in a structured way minimizes the adverse impact (etc. disruption of service and loss of data) for an organization. The goal of an incident response program is to ultimately restore the organization back to normal operating standards before the incident occurred.
How to Address Incidents?
Fidelis’ Incident Response services are meant to help clients to understand their current Incident Response capabilities and any gaps that need to be remediated. The services, specifically the Incident Response Retainer service helps clients during an incident, from validation to containment to remediation. The service leverages Fidelis’ EDR and Network Threat Detection and Response solutions to help identify malicious activity, contain it, and where appropriate provide remediation steps or capabilities.
Types of Incidents or Key Components of an Incident
- Social Engineering (Email, Web Drive-by Phishing Activity)
- Web Application or network compromise
- Insider Threat or Acceptable Use Policy violations
- Incidents involved data theft of that involves PII/EPHI/PCI or intellectual property
- Incidents involving the theft of funds
- Presence of malware or blended threats
- Possession of illegal/unauthorized material that violates company policy or state and federal laws