Ask any cybersecurity expert, and they will tell you that it is only a matter of time before you discover that you have had an attack on your computer systems and data has been accessed or stolen. Hundreds of cybersecurity incidents occur each year and millions of records are stolen. Is your organization ready to respond to a cybersecurity incident?
Cyberattacks are one of the top Global Risks for 2018. Attacks against businesses have almost doubled in five years, and the financial impact of cybersecurity breaches is rising, with some of the most substantial losses occurring in 2017 related to ransomware attacks. Organizations rely on their computer systems for all areas of their business, and they cannot afford for them to be under attack or nonfunctional.
Do you have a well-documented incident response plan in place? It can mean the difference between a successful response and devastating impacts on your business and operational continuity, your finances, your reputation with your customers, and your employee morale. A cyber incident can move fast. If your organization is not ready to respond swiftly, the delay can greatly increase the severity and cost of the incident. A detailed cybersecurity incident response plan will not only substantially reduce the amount of valuable time wasted in dealing with confusion and organizational chaos, but can also decrease the likelihood of attacks.
Developing effective incident response capabilities can be a complicated undertaking that requires substantial planning and resources. However, it is well worth the time and effort. A detailed checklist is easy to follow in times of crisis, and a thorough incident response plan makes it easier to respond to a cybersecurity incident. Having an organization-wide, sanctioned plan in place will ensure your response team is informed and empowered to address incidents swiftly, which can be important, as customers and regulators are more forgiving when breaches are reported in a timely manner.
Your plan should:
- Identify areas and data that would cause your business to suffer if they were hacked
- Designate a response team and assign them roles and responsibilities
- Include a clear communication plan with timelines for notifying regulators, the public, and your employees, and contain a comprehensive list of internal and external contacts
- Provide clear procedures for handling and preserving evidence
- Be reviewed frequently and updated as your organization evolves or when the cybersecurity landscape changes
Once the plan is established, training your employees is crucial. You should test your plan and practice responses for all types of incidents, from a lost laptop to a major data breach. Talking through an incident can assist you in identifying areas that may need improvement. Gaps uncovered during testing should be addressed and action items should be assigned from lessons learned. Testing can also help clarify roles and responsibilities, which can be crucial when responding to a cybersecurity incident.
Cerium Networks can assist with the creation and updating of an Incident Response Plan for your organization. We can also facilitate testing of the plan to ensure your team is successful in responding to a cybersecurity incident. Cerium offers Incident Response Advisory services for organizations that may not have the resources to have response experts on staff. We can also provide a Security Incident and Event Management (SIEM) solution that can identify malicious traffic on your network.