With myriad new cyber-attack strategies, the growing adoption of cloud services, and increased use of open-source components, organizations are more exposed to threats, and it is even more challenging for security teams to identify breaches on their own.
Bigger companies are usually quite unaware of an intrusion or breach of their systems unless warned by outside parties such as a security researcher, a business partner, or perhaps a law enforcement agency.
SolarWinds is one of the breaches that went undetected for months because researchers didn’t spot it internally. Thus, ways to receive and respond to inbound security intelligence from third parties, such as a breach notification or data regarding a new major threat, have become increasingly crucial in these changing times.
Here are some strategies businesses can implement to receive and respond to third-party disclosures.
Have a clear-cut policy in place for vulnerability disclosures
Businesses must have vulnerability disclosure policies in place that can be provided to external entities reporting a security breach or privacy issue. The company’s expectations for how to report vulnerabilities must be clearly conveyed to the third party along with other details. The company’s senior management team must be responsible for providing every detail, including how the report or the information will be managed, analyzed, and addressed.
Set up an internal vulnerability management program
It is always a great idea to have a formal application security and vulnerability management program in place within the organization, whether or not a company wants to get security intelligence from an external source. Businesses must implement regular vulnerability scanning and prompt security patching to prevent potential vulnerabilities and to make it less likely that outside parties find and report vulnerabilities in the first place. CISOs should make this an important part of the company’s security program. Moreover, organizations must ensure they have all programs and policies in place internally before they plan to reach out to external researchers.
The incident management team must always be prepared
Businesses must ensure that their incident management team has prepared a robust plan for responding to security exposures reported by third parties such as bug hunters, law enforcement, clients, or business partners. Just as the business event handling team has methods for responding to alerts received from internal security tools, network sensors, computing systems, and other sources, it also needs one exclusively for investigating and responding to security intelligence from an external source. Each event handling and response method must have a well-defined process to prioritize, assess, and classify any given source of intelligence to the point of resolution.
Don’t forget to involve members from other groups
The IT or security organization needs to be responsible for the phone numbers and mailboxes that receive tips from outside sources. They also have the capability to investigate and rectify all the issues that have been reported. Having a plan ready to include members from other groups across the organization is extremely critical because it is impossible to predict how events may pan out while engaging with third-party security researchers or bug hunters.