13 August 2020
Responding to a data breach becoming more challenging
The IBM Cost of a Data Breach Report (2020), compiled with research data from the Ponemon Institute, surveyed over 500 organisations who experienced data breaches between August 2019 and April 2020. As the spread of Covid-19 was also creating challenges for business operations during the research period, participants were asked additional questions about the potential impact on remote workforces due to the pandemic. 76% of the participants predicted that remote working practices would make responding to a potential data breach more difficult.
IBM reported that the average total cost of a data breach for companies that had an Incident Response (IR) team and tested their IR plan was over $3 million, compared to over $5 million for the companies with neither an IR team or an IR plan test regime — a difference of $2 million.
Click Here to download a copy of the report.
Kaon Security is pleased to offer Incident response assistance in the form of an Incident Response Execution Pack. Our offering is designed to improve the effectiveness of your team in dealing with a real-life incident. We provide access to a suitably qualified consultant who will assist you with the:
Assessment Phase
- Assess your current state of IR readiness
- Review your existing IR information, plan, templates and guidelines
- Identify any gaps and areas of concern
- Review current roles and responsibilities
Prepare and Deliver Phase
- Walk your team through an IR scenario using a sample playbook
- Assist in formalising the appropriate roles and responsibilities to handle incidents
- Present and discuss suitable supporting IR documentationFormalise 19 playbooks – branded and customised to follow your organisations structure
- Formalise supporting forms – brand and customise
Add-on Option Available
- Incident Management Plan
- Incident Response Simulation
- Incident Response Training Workshop
- First Responder Forensic Toolkit (FRFT) - View a previous Newsletter on FRFT - How Prepared is Your Organisation
Click Here to download a the FRFT Datasheet.
Is Your Remote Access Policy Fit for Purpose?
The accelerated adoption of Working from Home practices in 2020 has seen numerous IT teams and service providers rise fantastically to the challenge of making systems and data more available to higher numbers of remote users. For many organisations the Remote Access Policy is becoming an increasingly important element of their overall security posture.
To cater for today’s rapidly changing environment the content of a Remote Access Policy (sometimes called a Remote Access Control Policy) requires far more consideration than it ever used to. Many organisations will have originally developed this policy around traditional computing and connectivity arrangements that entailed connecting a “remote user” using a desktop or laptop to internal infrastructure via a VPN.
In more recent years enabling remote access to systems and data has been made easier, yet there are vastly more options and aspects to take into consideration if one is to draft a good Remote Access Policy, and get the associated processes and procedures right.
For example, many people use a mobile device to access company data that is predominantly located in the Cloud, whilst others are accessing company data that spans multiple different computing environments.
What are some of the elements of a Remote Access Policy you should consider documenting to cater for a changing environment?
- Access Rights and Privileges
- Anti-Virus and Firewall Protection
- Information Management
- Connection Requirements
- Audit Trails and System Logs
- Equipment Use
It is also key to ensure that users are aware of the related policies that need to be reviewed and signed in advance of providing remote access, for example:
- Acceptable Use Policy
- Password and Authentication Policy
- Communication and Mobile Device Policy
Read how we have assisted Inner West Council to develop and deliver policies to meet their business requirements. Click Here to view the case study.
View our new video about the key aspects of the Policy Management as a Service offering.