When we think about the impact of an unexpected event, it can often leave us with varying emotions. In many cases, those emotions are not pleasant… such as panic and stress, feeling vulnerable or lacking control over the world around us. All too often we see clients experience these feelings during the wake of and after a cybersecurity incident. Cybersecurity incidents are always considered the “what ifs”, too often not measured as a strategic threat. An unexpected cybersecurity incident promises negative impact and can sometimes be catastrophic to an organization. So, what can you do? How can your organization be more resilient? How can you better prepare, and experience calm in a time of crisis?
When it comes to a cybersecurity incident, one of the best things you can do is develop a detailed incident response strategy. The concept of having an incident response strategy is not new. However, there are still many organizations that have not developed one at all or their current strategy is not at a resilient level.
Key Phases of an Incident Response Strategy
On the surface, developing an incident response strategy can seem simple. Identify the cause of the incident, stop or observe the source of the incident, act to prevent the incident from happening again, and evaluate impact. For each of these phases there are questions that are going to need to be answered, many of which can be determined before any incident even occurs.
By evaluating the needs and priorities of your organization prior to a cybersecurity incident, you will be able to have better control and experience the calm during the storm.
Key Questions to Consider
Is the focus going to be on data retention or business continuity?
Could the incident lead to a possible law enforcement investigation?
What is the process of restoring from backup and who makes that call?
What are the incident response roles inside your organization and who coordinates with whom?
Do you have cyber insurance? If so, is your cyber insurance going to cover the incident response costs? If cyber insurance is something your organization is considering, my colleagues Brad Pierce and Bryan Allison will be releasing a two-part blog series on things to consider when purchasing a policy. So, be on the lookout in the coming weeks.
These are a sample of some of the questions that can be answered before the “what ifs” become reality. How these questions are answered can often determine the chain of events in response, and a mistake early on can have negative consequences to the overall process.
For any organization that does not plan to handle incident response tasks in-house, it is important that a security partner or third-party firm is identified prior to an incident occurring. Obtaining an incident response retainer with your identified security partner is an excellent way to ensure an incident response strategy is in place when an attack occurs. With an incident response retainer, the identified security partner is with your organization throughout the strategic planning phase. This greatly improves an organization’s experience throughout the incident response process. Developing a strategic incident response plan helps prevent mistakes and misunderstandings in the heat of the moment by either party. This type of arrangement can also be highly beneficial when a possible cyber insurance claim needs to be made as your insurance provider will already be aware of the security partner that will be conducting the investigation.
By having a plan that lays out your incident response strategy and a team that you can trust when the “what ifs” happen, your organization will be better prepared for the unknown and be more resilient in the face of adversity.