Incident Response Planning for Cybersecurity
Jun 18, 2019
Advances in technology help organizations innovate, work efficiently, and remain connected to the rest of the world, but they can also pose a great threat by leaving organizations vulnerable to internal and external threats. This double-edged sword has brought to light the significance of risk management and of developing an incident response plan that immediately establishes a plan of action in the face of threats. In this article we will dive into the importance of having an incident response plan for cybersecurity, as well as the six steps your plan should include.
Are You Confident You Can Recover from a Cyber Breach?
According to the Risk:Value 2018 report conducted by NTT Security, which surveyed senior executives from over 12 countries, 59 percent of the respondents said they are not confident their company could resume “business as usual” after the 24 hours following a breach. Although executives agree that cybersecurity practices are important to have in place at their organization, most don’t think cyber threats will ever affect their business. Implementing a cybersecurity incident response plan is a proactive step to ensure your business will recover in the event a breach does occur. Here are some steps to take in order to develop an effective plan that will meet the needs of your organization:
- Create a list of all the sensitive information and data your business has, including where it is stored and what type of information it is. You will need to classify, encrypt, and protect your data, including credit card, healthcare, and personal information, from exfiltration and use.
- Review your compliance needs for regulations such as GDPR and the CCPA, or agencies such as the U.S. Securities & Exchange Commission, which has specific requirements for incident response plans to address stakeholders.
What to Include in Your Cybersecurity Incident Response Plan
An incident response plan typically follows a six-step approach:
- Preparation: The first step of the plan is the most important, as it involves assigning roles and responsibilities to a team of employees who will carry out the incident response plan in the event a breach occurs. Having written documentation of the responsibilities for each person is a crucial step in the process, as is hosting training sessions with staff to communicate the plan and run through tabletop exercises of different types of threats for a greater understanding of the threats posed.
- Identification: This step in the plan involves identifying the breach or threat that occurred, who discovered it and when, and what areas of your business were impacted.
- Containment: When developing your plan, it will be important to have containment strategies and back-up systems in place to restore business operations as soon as possible. If you are working with a managed service provider, they will be able to assist you in identifying the breach and containing it so it doesn’t spread, as well as investigating its root cause, which is conducted in the next step.
- Investigation: Finding out how the breach occurred, or where the vulnerabilities and gaps are in your system, is a needed step to ensure the breach doesn’t occur again. A review should be conducted by your IT team or your third-party managed service provider on the following: real-time memory, system and application logs, external storage, etc.
- Eradication: In this step, all malware should be removed, patching and hardening should be conducted, and all incident response team members should be notified.
- Recovery & Follow Up: The last step allows you to restore business operations. During this phase, contingency plans will be put in place, and recurring network testing and validation will need to be performed. Moreover, if your business has outside stakeholders, you will need to conduct due diligence and communicate and report what happened.
Utilizing a Managed Service Provider for Your Incident Response Planning Needs
If you don’t know where to start when developing your incident response plan, consider working with a managed service provider like Secuvant to guide you in the direction that will meet the needs of your business. We will help you prioritize which business risks to focus on, outline global compliance requirements, and create an incident response plan that has deep visibility into all facets of your business. With our MDR and incident response services, we can act as an extension of your IT team, preventing, detecting, and responding to threats 24/7.
Secuvant is one of the only IR teams that provides a complete program going forward so it won’t happen again, including 24/7 Managed Detection and Response. Our skilled team can use cyber investigations and digital forensics to uncover what happened while preserving evidence in the case of legal action. Moreover, we coordinate with your executives, IT team and partners, legal counsel, and PR firms for media management to create policies, procedures, plans, and guidelines so that you are prepared.
If you’d like more information on our Incident Response Planning services, reach out to one of our professionals at firstname.lastname@example.org or 855-732-8826.