Companies must have an incident response plan to counter cyber reality

SMBs need to be proactive, put protocols in place in case of attack


The threat of serious and costly operational disruptions due to a cyber attack has senior executives at many organizations feeling ill at ease.

So a rising number of them have begun engaging their companies in cyber incident response planning.

An incident response plan takes a meticulous approach to managing the aftermath of any type of disruptive cyber incident.

It could be a network breach, insider data theft, denial of service attack or website defacement. In fact, the plan should define what constitutes a cyber incident and lay out specific steps for the tech staff, management, corporate communications and the legal department to take when an incident occurs.


Incident response planning has become a red-hot topic among organizations seeking to proactively address cyber exposures.

An annual survey of risk managers by global insurer Zurich found that in 2015, 72 percent of more than 400 respondents had a data-breach response plan, an increase of 10 percentage points from the previous year.

“Companies are being asked by their boards what they’re doing, what they should be doing, and what they can be doing to be more protected,” says Siobhan MacDermott, a risk and cybersecurity principal at consultancy EY.

Planning gains traction

She says that a shift in incident response planning that began about 12 to 18 months ago—largely because of all the media attention on high-profile network breaches—is accelerating.

Another report, EY’s annual Global Information Security Survey, reflects the nascent nature of this trend. EY polled 1,755 C-suite executives from 67 countries in 2015. While 43 percent of respondents said they had a formal incident response program, only 7 percent had a robust program that integrated external vendors, law enforcement agencies and playbooks tested via regular tabletop exercises.

Raj Dodhiawala, CounterTack senior vice president of products and engineering

“The incident response plans are tiered depending on severity,” says Raj Dodhiawala, senior vice president of products and engineering at CounterTack, which provides endpoint threat detection and response.

Lighter-weight incident response plans typically involve coordinating the efforts of IT staff and cybersecurity analysts focused on routine daily disruptions. For more serious incidents, experts from risk and compliance should be at the table, he says.

In fact, more comprehensive plans go beyond the tactical IT response to take a more strategic, all-hands-on-deck approach. Continuous monitoring and detection get factored in, and parameters for gauging severity and prioritizing incidents get established. Rehearsals and drilling—akin to what first responders do to prepare for earthquakes and terrorist attacks—can be very valuable.

“It’s a lot easier to go through the (response) process once you have a plan in place and you’ve gone through the drill, than it is to think on the fly,” says EY’s MacDermott.

How to prepare for the inevitable

So what’s the first step?

Start by looking at the data—such as intellectual property and personally identifiable information—and the potential bad actors, MacDermott suggests.

“Understand and identify the most important assets you have—the crown jewels,” she says.

For small and midsize organizations, contracting expert help is a readily available option that should be explored.

Dodhiawala notes that a growing trend among SMBs is reliance on managed security services providers, or MSSPs. The MSSPs typically offer bundles that include end-to-end protection and monitoring, as well as incident response.

“Most small and medium-size companies don’t necessarily have the depth of security talent (in-house),” he says.

By outsourcing incident response planning, the company can offload the burden of crafting a robust plan and rely on the service provider’s policies and procedures.
