Lack of Security Incident policy/plan
Organized, sophisticated and persistent cyber threat actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. SMB organizations are often challenged by incident response management, in part because incident response procedures may not be established.
Therefore, it’s critical for an organization to identify and respond to security incidents and events in a timely manner. Whether a breach is small or large, organizations need to have an incident response policy in place to mitigate the risks of being a victim of the latest cyber-attack.
Edmodo is an educational technology company offering a communication, collaboration, and coaching platform to K-12 schools and teachers. The Edmodo network enables teachers to share content, distribute quizzes and assignments, and manage communication with students, colleagues, and parents. Responding to any security incident is a critical element of Edmodo’s business and of its data security compliance requirements. It’s also essential for Edmodo to identify and respond to security incidents and events in a timely manner. Whether a breach is small or large, Edmodo wanted to have an incident response plan in place to manage the lifecycle (preparation, detection & analysis, containment, eradication & recovery, and post-incident activity) of all security incidents. The faster they detect and respond to security incidents, the less likely those incidents are to have a significant impact on their data, customer trust, and reputation, or to cause a potential loss in revenue.
We undertook a comprehensive analysis of their existing policies, their current team structure, the security incidents that had happened in the past, and their preparedness to handle any future security incidents. We evaluated the NIST SP 800-61 and ISO/IEC 27035 standards and, based on their existing org structure and specific needs, decided to create a security incident response policy based on the NIST SP 800-61 standard.
Performing incident response effectively is a complex undertaking, and establishing a successful incident response capability requires substantial planning and resources. Continually monitoring for attacks is essential, and establishing clear procedures for prioritizing the handling of incidents is critical, as is implementing effective methods of collecting, analyzing, and reporting data.
We created a set of practices, processes, and solutions that enabled Edmodo’s Security Incident Response Team (SIRT) to rapidly detect incidents, minimize loss and destruction, mitigate the weaknesses that were exploited, and restore IT services in the shortest possible time.
With the incident response policy in place, Edmodo’s SIRT is now able to quickly detect, investigate, address vulnerabilities and issues, and respond to all IT security incidents in an efficient and timely manner. Faster responses helped them reduce the overall impact of incidents, mitigate damages, and ensure that systems and services continue to operate as planned.
Without incident management, an organization may lose valuable data, experience reduced productivity and revenues due to downtime, or be held liable for breach of service level agreements (SLAs). Even when incidents are minor with no lasting harm, IT teams must devote valuable time to investigating and correcting issues.