What is Eradication in Cybersecurity? An Essential Part Of Incident Response Plans

What is eradication in cybersecurity? Eradication is the implementation of a more permanent fix after the containment phase. It is essential because one of the main goals of incident response teams should be to eliminate the access points the malicious actors used to attack your network.

The eradication phase includes patching and the reconfiguration of systems and applications. All actions taken during this phase should be thoroughly documented.

On Security Incidents and Incident Response Plans

Cybersecurity incidents can be understood in two main ways

Often cybersecurity incidents are associated with malicious attacks or Advanced Persistent Threats (APTs), but there appears to be no clear agreement. […] The original government definition of cybersecurity incidents as being state-sponsored attacks on critical national infrastructure or defence capabilities is still valid. However, industry – fuelled by the media – has adopted the term wholesale and the term cybersecurity incident is often used to describe traditional information (or IT) security incidents. […]. The two most common (and somewhat polarised) sets of understanding – as shown in Figure 2 below – are either that cybersecurity incidents are no different from traditional information (or IT) security incidents – or that they are solely cybersecurity attacks.

Read More: https://heimdalsecurity.com/blog/what-is-eradication-in-cybersecurity/