A cybersecurity incident brings primary impacts, but it doesn't stop there. There are usually secondary, follow-on activities and impacts that continue well beyond the initial security incident. As part of our ongoing series on incident response (IR), this analysis explores the differences between primary and secondary impacts, as well as how to respond to each so that you and your business can successfully move forward from a cybersecurity incident.
Primary impacts are the immediate fallout from a security incident. They include damage from the initial intrusion and the lateral movement that follows it. Primary impacts can take the form of damaged systems, compromised data, or a ransom demand.
Primary impacts may also include lost revenue. If systems have been made unavailable or degraded, the business feels it directly, whether through disrupted e-commerce services or through the digital systems that power day-to-day business operations.
Finally, there are also impacts on staff. For example, a malicious insider will need to be removed from the organization. Their access will need to be revoked across every system, and the organization will need logging and other mechanisms to understand the reach and impact of their malicious actions, including confirming that no activity continues after revocation, which would indicate leftover credentials or sessions.
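As an added illustration of that last point (example code written for this article, not something from the original post), the script below scopes an insider's activity from audit logs and checks whether revocation actually took effect. The log lines, the JSON field names, the user `jdoe`, and the `disable_user` action are all constructed assumptions standing in for whatever your SSO or cloud audit trail emits; the shape of the check is what matters: enumerate every target and source address the actor touched, flag actions that create persistence, and treat any event after the revocation timestamp as evidence that revocation was incomplete.

```python
import json
from datetime import datetime, timezone

# Constructed sample audit log (not real data): one JSON object per line, in the
# common shape of timestamp, actor, action, target, source IP. The user "jdoe",
# the hosts, and the bucket names are hypothetical.
SAMPLE_AUDIT_LOG = """\
{"ts": "2024-03-01T08:02:11Z", "actor": "jdoe", "action": "login", "target": "vpn-gw-1", "src_ip": "203.0.113.7"}
{"ts": "2024-03-01T08:05:40Z", "actor": "jdoe", "action": "read", "target": "s3://payroll-exports/2024-02.csv", "src_ip": "203.0.113.7"}
{"ts": "2024-03-01T08:06:02Z", "actor": "jdoe", "action": "read", "target": "s3://payroll-exports/2024-01.csv", "src_ip": "203.0.113.7"}
{"ts": "2024-03-01T09:15:00Z", "actor": "asmith", "action": "login", "target": "vpn-gw-1", "src_ip": "198.51.100.20"}
{"ts": "2024-03-01T10:30:55Z", "actor": "jdoe", "action": "create_access_key", "target": "iam:user/jdoe", "src_ip": "203.0.113.7"}
{"ts": "2024-03-01T11:00:00Z", "actor": "jdoe", "action": "sudo", "target": "db-prod-02", "src_ip": "10.0.4.17"}
{"ts": "2024-03-01T14:00:00Z", "actor": "security-admin", "action": "disable_user", "target": "iam:user/jdoe", "src_ip": "10.0.0.5"}
{"ts": "2024-03-01T15:42:13Z", "actor": "jdoe", "action": "read", "target": "s3://payroll-exports/2023-12.csv", "src_ip": "198.51.100.77"}
"""

# Actions that let an actor keep access even after their primary account is
# disabled. Assumed action names; map these to your own log vocabulary.
PERSISTENCE_ACTIONS = {"create_access_key", "create_user", "add_ssh_key", "create_token"}


def parse_events(text):
    """Parse newline-delimited JSON audit events into dicts with UTC datetimes."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def find_revocation_time(events, actor):
    """Return the timestamp of the first disable_user event targeting this actor, or None."""
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "disable_user" and ev["target"] == f"iam:user/{actor}":
            return ev["ts"]
    return None


def scope_insider(events, actor, revoked_at):
    """Build a reach-and-impact summary for one actor relative to a revocation time."""
    mine = sorted((e for e in events if e["actor"] == actor), key=lambda e: e["ts"])
    return {
        "first_seen": mine[0]["ts"] if mine else None,
        "last_seen": mine[-1]["ts"] if mine else None,
        # Every system, bucket, or principal the actor touched: the scope of the review.
        "targets": sorted({e["target"] for e in mine}),
        # Source addresses help separate expected access (office, VPN) from unknown ones.
        "source_ips": sorted({e["src_ip"] for e in mine}),
        # Persistence actions mean disabling the account alone is not enough.
        "persistence_events": [e for e in mine if e["action"] in PERSISTENCE_ACTIONS],
        # Any activity after revocation means a credential or session survived it.
        "post_revocation_events": [e for e in mine if revoked_at is not None and e["ts"] > revoked_at],
    }


def revocation_is_complete(report):
    """True only if the actor produced no events after the revocation timestamp."""
    return not report["post_revocation_events"]


if __name__ == "__main__":
    events = parse_events(SAMPLE_AUDIT_LOG)
    revoked_at = find_revocation_time(events, "jdoe")
    report = scope_insider(events, "jdoe", revoked_at)
    print("targets touched:", report["targets"])
    print("source IPs:", report["source_ips"])
    print("persistence events:", [e["action"] for e in report["persistence_events"]])
    print("revocation complete:", revocation_is_complete(report))
    for ev in report["post_revocation_events"]:
        print("  activity after revocation:", ev["ts"].isoformat(), ev["action"], ev["target"], ev["src_ip"])
```

In the constructed sample the account is disabled at 14:00, yet a read from a new source address appears at 15:42, because an access key was created at 10:30 and never rotated. That is exactly the gap this check is meant to surface: revocation has to cover keys, tokens, and live sessions, not just the login.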
The incident is far from over just because you've contained the malicious actor and restored your systems and services to normal operation. Several activities continue well beyond this initial primary impact: litigation, documentation, interfacing with auditors, and using what you learned to improve your organization's incident response process and capabilities.
On the litigation front, organizations need legal expertise lined up to weather the lawsuits they may face after a security incident. Depending on the industry, the organization's size, and the incident's visibility, there may also be regulatory action, which requires in-house or augmented compliance expertise to work with external auditors and regulators and answer their inquiries.
As with primary impacts, there can be secondary staffing impacts as well. Regulatory and social pressure may lead to leadership changes. There is also the harsh reality that incidents and their response activities are incredibly demanding, demoralizing, and draining for the staff involved, and can lead to turnover if not managed properly. Proper management means putting schedules in place to prevent burnout, giving staff time to breathe after intense periods of work, and not casting blame where it isn't warranted, so that morale isn't compromised.
As they say, the best time to plant a tree was 20 years ago, and the second best time is now. Clever sayings aside, the reality is that an organization's ability to withstand the primary and secondary impacts of a cybersecurity incident is directly tied to how much it has prepared. That preparation includes a proper incident response plan (IRP), tabletop exercises, game days, and lessons learned from previous incidents.
Still, you may find yourself in a security incident you haven't sufficiently prepared for. The best way to deal with it is to note the deficiencies as they surface, capture them in the post-incident review, and put measures in place so that they either don't recur or have a mitigated impact in the future.
CISO & Co-Founder
Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience, ranging from active duty with the U.S. Air Force, to civil service with the U.S. Navy and the General Services Administration (GSA)/FedRAMP, to time as a consultant in the private sector. He is also an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris participates in industry working groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications, including the CISSP and CCSP from ISC2, as well as both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their cloud migration journeys while keeping security a core component of that transformation.
Contact Chris Hughes …