Tips for dealing with IT security incidents
21/10/2019

OTRS study: The majority of companies report a weekly security incident.

You read about hacker attacks again and again. The most recent case is a hacker attack on the Rheinmetall armaments and automotive supplier group. The attack severely impaired production in North and South America. The consequences could be devastating: Should the disruptions last longer than two weeks, the company expects a negative impact on earnings of three to four million euros per week.

OTRS study: 61 percent of companies have at least one IT security incident per week.

Again and again, headlines like these dominate the media. But only a fraction of IT security incidents are reported at all and thus get into the media. A recent OTRS Group study that surveyed 280 people actively employed in the IT field showed that 61 percent of the companies surveyed have at least one IT security incident a week. Extrapolated over the year, this would be at least 52 security incidents in more than every second company. This is a problem that can hardly be solved through personnel: in a study by Symantec, 97 percent of the companies surveyed in Germany, Great Britain and France stated that there was a lack of qualified IT security experts. In our study, half of the companies surveyed (50%) said that they had already suffered financial losses. If the shortage of skilled workers and security incidents continue to develop in this way, it could have serious consequences.

How do managers deal with security incidents?

When asked whether the incidents were handled optimally, opinions differ: almost half (49%) said that everything worked well. The other half (49%) believe that there is much potential for improvement. The remaining 2 percent are still struggling with the consequences of security incidents in general. No wonder everyone is seeking clearly structured processes: In all three countries, the majority of IT managers (37% in the USA, 42% in Brazil, 41% in Germany) responded that more clearly defined processes would help them the most in dealing adequately with security incidents.

Our study has once again shown that security incidents are not uncommon; on the contrary, they are almost daily occurrences. We cannot quickly influence the frequency of incidents, but what we can do immediately is to develop a clear security strategy so that everyone involved knows exactly what to do in an emergency.

I would like to give you the following tips for developing a security strategy:

A pragmatic start

Most large companies already have defined processes and cyber defense teams in place. However, many small and medium-sized enterprises still have to work out their strategies. It is advisable to start “small”: Having a way for people to quickly report security-related incidents is just as useful as having a dedicated contact person or a team responsible for security-related events. This centralized documentation allows everyone to keep a clear view of incidents. Even an experienced external expert could then provide quick help if internal resources were scarce.

Record processes digitally and centrally

To document security events safely and handle the corresponding information appropriately, specialized systems such as STORM of OTRS AG are available. They function as the technical backbone of IT security processes, support the communication of an incident and store it in an audit-ready way. They make it possible to define specific processes for threat scenarios, give role-based approvals to users, and enable encrypted communication between clearly authenticated users.

Clear definition of IT security processes

It is important for all companies to create clear processes and responsibilities for dealing with security-relevant events. The following questions should be taken into consideration:

  • What criteria define a security-relevant incident?
  • When exactly must it be reported?
  • Which data or processes need special protection?
  • How high can the potential damage be?
  • Who must or may be informed about an incident?
  • In which order and in which timeframe must communication take place?

IT security as a continuous process

Once established, IT security processes become an everyday part of business processes. Nevertheless, one must keep in mind that regulations, processes and requirements can change again and again. This is why companies should always keep up-to-date. If they want to improve their own know-how and build up IT security teams, they should network with other security managers and remain in continuous dialogue with the security community.

More information on how OTRS can structure corporate security can be found here.

Photos: Connor Betts on Unsplash
