
One of the biggest mistakes a company can make is assuming that malware is everyone else’s problem. Bad actors are getting better at slipping past security measures, and the cost of data breaches keeps going up. One critical tool for limiting damage is a malware incident response plan.

In Mimecast’s Threat Intelligence Report RSA Conference Edition 2020, the security company reported a 145% increase in malware attacks in the last quarter of 2019.

SEE: TechRepublic Premium’s Malware Incident Response Plan (TechRepublic Premium)

In the 2019 Cloud App Security Roundup, Trend Micro reported that the company detected almost a million instances of malware. The report found that attackers are getting better at tricking the first layer of defense against business email compromise (BEC), phishing emails, and malware infections.

Menlo Security reports that bad actors have added a new snare to their bag of social engineering threats: malicious OneDrive, Google Drive, iCloud, and Dropbox links that install malware. Many of these services are whitelisted by security products, meaning that an enterprise has few or no defenses against these advanced threats.

In August 2019, IBM Security released its annual Cost of a Data Breach Report, which found that the cost of a cybersecurity attack has risen by 12% over the course of five years, and organizations can expect to pay an average of $3.92 million.


Cisco’s CISO Benchmark Study for 2020 identified nine best practices that could keep the costs of a breach under $500,000 or even less than $100,000. These cybersecurity tasks include:

  • Review and improve security practices regularly, formally, and strategically over time
  • Regularly review connection activity on the network to ensure that security measures are working as intended
  • Integrate security into the organization’s goals and business capabilities
  • Routinely and systematically investigate security incidents
  • Put tools in place to provide feedback to the security team
  • Integrate security technologies including incident response plans
  • Keep threat detection and blocking capabilities up to date
  • Make it easy to determine the scope of a compromise, contain it, and remediate

Developing a malware incident response plan can help with all of the above tasks, but particularly the last item: understanding the damage once a security incident has happened. Using a comprehensive malware response checklist can further bring purpose and calm to the security team during the initial incident response.

To be effective, a malware incident response plan should address these key factors:

  • Determining the nature of the attack
  • Confirming what data has been compromised
  • Identifying specific individuals to be notified
  • Defining a recovery plan

No cybersecurity response team should be without a basic plan at the very least. The malware incident response plan is a thorough and detailed document that includes five sections:

  • Initial response – 13 steps
  • Incident-specific information – 8 data points
  • System-specific information – 7 data points
  • Incident remediation – 10 steps
  • Sanitize and return system to operation – 14 steps

As the checklist's author, Erik Eckel, states, “Until proven artificial intelligence solutions arrive, incident response teams will be best served having good old-fashioned techniques waiting in the wings. And a checklist is about as good an old-fashioned and proven solution as you will find.”

TechRepublic Premium’s Malware Incident Response Plan is available as a free download for TechRepublic Premium subscribers or for individual purchase.
