Recommendations for small/medium-sized businesses enabling incident response

Recommendations for small/medium-sized businesses enabling incident response (PDF, 4.41MB)

Published: 17 Jan, 2022
Created by
Luke Pearson

Security incidents are inevitable. While large businesses can afford security teams to prepare for and respond to incidents, this expense is typically out of reach for small/medium-sized businesses (SMBs). SMBs generally can't afford to have security professionals tune and care for their environments. Cyber intrusions against SMBs are more likely to have criminal intent than those against large companies, and SMBs have fewer resources with which to be prepared. Eleven (11) sets of incident response documentation, taken from real-life incidents, were reviewed to determine which configurations in the investigated environment enabled or inhibited effective incident response. Thorough research into the viability of implementing these findings in SMB environments was conducted, and a series of recommendations was derived from this dataset. These recommendations are spread across five (5) key categories: contractual, documentation, logging, operational, and training. Finally, a scenario involving the compromise of a fictitious organisation is detailed, illustrating the difference that implementing these recommendations may make to an incident response engagement. A review of the process and output shows the immense value derived from these kinds of reviews. While the nature of the original documentation sets makes it unlikely that similar datasets will ever be made public, it also shows that valuable information can be sufficiently abstracted for public consumption and benefit, with value for SMBs.