Planning, tools, and automation for incident response: Action points from Stephen Nichols

In the recent SuperSummit Virtual ‘24, we had an insightful session on planning, tools, and automation for incident response, featuring Stephen Nichols, the Director of Solution Engineering at Acronis. In this session, Stephen took a deep dive into the current cybersecurity landscape and the importance of proactive measures to protect against threats. Let’s look at the key action points from Stephen's session, to enhance your organization's security and operational efficiency.

The current cybersecurity landscape

Stephen started the session by shedding light on the current cybersecurity landscape. Bad actors constantly evolve and leverage AI and machine learning to carry out sophisticated attacks. Email remains a significant entry point for threats, with attackers using AI to craft convincing phishing attempts that mimic legitimate communications. Furthermore, unpatched services pose a substantial risk, emphasizing the need for automated patching processes.

A holistic approach to incident response

As Stephen explored incident response, he emphasized the importance of a comprehensive approach. The NIST cybersecurity framework serves as a holistic guideline for addressing incidents, threats, and attacks at various stages. Understanding the environment, role-based management, and having real-time visibility through dashboards and reporting are crucial elements for effective incident response.

Best practices for cybersecurity

Stephen delved into best practices for cybersecurity, providing guidance for organizations to protect themselves from threats and attacks.

1. Reliable backup and disaster recovery

Backing up data and workloads is fundamental to mitigating the impact of incidents. Stephen stressed the need for adopting reliable backup and disaster recovery tools and procedures. This includes ensuring backups cover all devices, workloads, and email. He introduced the 3-2-1 rule: having three copies of data stored in at least two different locations, with one copy being securely stored in the cloud. Clear disaster recovery policies and regular testing ensure preparedness.

2. Regular patching and critical system testing

Regularly patching and testing critical systems is a crucial practice to prevent vulnerabilities. Stephen stressed the importance of keeping systems up to date and proactively testing them. By doing so, organizations can significantly reduce the risk of falling victim to known attacks.

3. Email security and cyber awareness training

Email continues to be a prime target for cyber threats. Stephen emphasized the need for robust email security solutions to combat phishing attempts and other email-based attacks. Additionally, organizations must invest in ongoing cyber awareness training to equip their employees with the knowledge to identify and respond appropriately to potential threats.

4. Data encryption and immutable cloud storage

Risks associated with data encryption were highlighted by Stephen. While encryption provides an extra layer of security, it's essential to have backups protected against potential compromises. Immutable cloud storage ensures data integrity and prevents unauthorized alteration or deletion, offering an added layer of protection against malicious actors.

5. Incident detection and response

Early and effective incident detection is critical in minimizing the impact of cybersecurity incidents. Stephen emphasized the use of behavior-based detection and AI tools to identify and respond to threats promptly. Quick incident response measures, including isolation, forensic backups, and remote access for investigation, play a crucial role in preventing widespread damage.

6. Disaster recovery and business continuity

Stephen accentuated the need for disaster recovery planning to maintain business continuity during incidents. Organizations must have strategies in place to ensure critical workloads remain functional even in a compromised environment. Neglecting disaster recovery efforts can have severe consequences, as studies show that a small or medium business offline due to a cyber attack for a few days has a 50% chance of going out of business within six months.

7. Collaboration and knowledge sharing

Stephen concluded his session by highlighting the importance of collaboration and knowledge sharing to combat cyber threats effectively. Organizations should actively share information about encountered attack vectors, enabling others to fortify their defenses and build collective resilience against evolving threats.

To wrap up

This session provided valuable insights into safeguarding organizations against the constantly changing threat landscape. It emphasized that cybersecurity involves not only prevention, but also efficient incident response and recovery. By implementing reliable backup and disaster recovery procedures, regularly patching critical systems, investing in email security, and cultivating a cyber-aware workforce, organizations can greatly enhance their security posture.

We don’t want you to miss out on the rest of the sessions from SuperSummit Virtual ‘24 — feel free to access the recordings and revisit key highlights!