6 Steps Your Cyber Security Incident Response Plan Should Include
Sep 06, 2019
Advances in technology help organizations innovate, work efficiently, and remain connected to the rest of the world, but the same technology can leave organizations exposed to internal and external threats. This double-edged sword has brought to light the importance of risk management and of developing a cyber breach response plan that establishes a course of action as soon as a threat appears. In this article, we will cover why an incident response plan matters for cybersecurity, as well as the six steps that are crucial for your plan.
Are You Confident in Your Cyber Breach Response Plan?
If you aren’t sold on your current cyber breach response plan, you’re not alone. According to the Risk:Value 2018 report conducted by NTT Security, which surveyed senior executives from over 12 countries, 59 percent of respondents said they are not confident their company could resume “business as usual” within the 24 hours following a breach. Although executives agree that cyber security practices are important to have in place, most don’t expect a cyber threat to ever affect their own business. Implementing a cyber security incident response plan is a proactive step to ensure your business can recover if a breach does occur. Here are two steps to take before developing a plan that meets the needs of your organization:
- Create an inventory of all the sensitive information and data your business holds, including where it is stored and what type of information it is. You will need to classify, encrypt, and protect this data against exfiltration and misuse; credit card, healthcare, and personal information are typical examples.
- Review your compliance needs for regulations such as GDPR and the CCPA, or agencies such as the U.S. Securities & Exchange Commission, which has specific requirements for incident response plans to address stakeholders.
These two simple steps are a good start toward a comprehensive cyber incident response plan. Once you’ve completed them, it’s time to develop a well-thought-out plan that you feel confident and comfortable with.
What You Need to Include in Your Cyber Security Incident Response Plan
Each business should have its own incident response plan that fits its business needs. Your customized plan may include more or fewer steps, but the typical, proven six-step approach below is the most common place to start:
- Preparation: The first step is the most important, as it involves assigning roles and responsibilities to the team of employees who will carry out the incident response plan if a breach occurs. Document each person’s responsibilities in writing, hold training sessions to communicate the plan to staff, and run tabletop exercises against different types of threats so that everyone understands what they are up against.
- Identification: This step involves identifying the breach or threat that occurred, who discovered it and when, and which areas of your business were impacted.
- Containment: When developing your plan, it is important to have containment strategies and backup systems in place so that business operations can be restored as soon as possible. If you work with a managed service provider, they can assist you in identifying the breach and containing it so it doesn’t spread, as well as in investigating its root cause, which is the subject of the next step.
- Investigation: Finding out how the breach occurred, and where the vulnerabilities and gaps in your systems are, is necessary to ensure the breach doesn’t recur. Your IT team or third-party managed service provider should review live system memory, system and application logs, and external storage.
- Eradication: In this step, all malware is removed, affected systems are patched and hardened, and all incident response team members are notified of the actions taken.
- Recovery & Follow Up: The last step restores business operations. During this phase, contingency plans are put in place and recurring network testing and validation must be performed. Moreover, if your business has outside stakeholders, you will need to conduct due diligence and communicate and report what happened.
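The Identification and Investigation steps above both come down to reading the system logs you have and turning them into an incident record: when it started, where it came from, and which hosts are affected. The following Python script is an added example, not code from the original article or from Secuvant. It runs over a handful of constructed sshd-style log lines (the hosts, users and addresses are made up for the example), flags a source that fails several logins and is then accepted on the same host within a short window, and then walks the later successful logins that originate from the compromised host's own address to find where the attacker moved next. The log format, the thresholds and the host-to-address table are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines for the example (not from any real system).
# 203.0.113.7 is a documentation address; web-01, db-01, backup-01 are made up.
SAMPLE_LOGS = """\
2019-09-06T01:00:00Z web-01 sshd: Accepted publickey for deploy from 10.0.0.50 port 50001
2019-09-06T02:14:01Z web-01 sshd: Failed password for invalid user admin from 203.0.113.7 port 51022
2019-09-06T02:14:03Z web-01 sshd: Failed password for invalid user admin from 203.0.113.7 port 51024
2019-09-06T02:14:05Z web-01 sshd: Failed password for deploy from 203.0.113.7 port 51026
2019-09-06T02:14:09Z web-01 sshd: Accepted password for deploy from 203.0.113.7 port 51030
2019-09-06T02:21:10Z db-01 sshd: Accepted password for deploy from 10.0.0.5 port 40012
2019-09-06T03:00:00Z backup-01 sshd: Accepted publickey for backup from 10.0.0.50 port 33001
"""

# Assumed asset inventory: which internal address belongs to which host.
HOST_ADDRS = {"web-01": "10.0.0.5", "db-01": "10.0.0.6", "backup-01": "10.0.0.9"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+$"
)


@dataclass
class Event:
    ts: datetime
    host: str
    result: str
    user: str
    src: str


@dataclass
class Finding:
    first_seen: datetime      # when the suspicious activity started
    source: str               # external address that got in
    affected_hosts: list      # hosts the attacker reached, in discovery order
    detail: str


def parse_logs(text):
    """Parse the constructed sshd-style lines into Events, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in a format we do not understand rather than crash
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m["host"], m["result"], m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def find_brute_force_success(events, min_failures=3, window=timedelta(minutes=5)):
    """Identification: a source that fails at least min_failures times on a host
    and is then accepted on that host within the window is treated as a breach."""
    findings = []
    failures = defaultdict(list)  # (host, src) -> timestamps of recent failures
    for e in events:
        key = (e.host, e.src)
        if e.result == "Failed":
            failures[key].append(e.ts)
        else:
            recent = [t for t in failures[key] if e.ts - t <= window]
            if len(recent) >= min_failures:
                detail = f"{len(recent)} failures then accepted login as {e.user}"
                findings.append(Finding(recent[0], e.src, [e.host], detail))
            failures[key].clear()  # a success (benign or not) resets the counter
    return findings


def expand_lateral_movement(findings, events, host_addrs, window=timedelta(hours=1)):
    """Investigation: any host that accepted a login from a compromised host's own
    address after first_seen is added to the finding, and searched in turn."""
    for f in findings:
        frontier = list(f.affected_hosts)
        while frontier:
            addr = host_addrs.get(frontier.pop())
            if addr is None:
                continue  # host not in the inventory; nothing to pivot from
            for e in events:
                if (e.result == "Accepted" and e.src == addr
                        and e.host not in f.affected_hosts
                        and f.first_seen <= e.ts <= f.first_seen + window):
                    f.affected_hosts.append(e.host)
                    frontier.append(e.host)
    return findings


def run_identification(log_text, host_addrs):
    """Build the incident record that the Containment step needs."""
    events = parse_logs(log_text)
    return expand_lateral_movement(find_brute_force_success(events), events, host_addrs)


if __name__ == "__main__":
    for f in run_identification(SAMPLE_LOGS, HOST_ADDRS):
        print(f.first_seen, f.source, f.affected_hosts, f.detail)
```

On the sample data the script reports one finding: the brute force from 203.0.113.7 that started at 02:14:01 succeeded on web-01, and the later login to db-01 from web-01's address is pulled into the same incident, so both hosts go to the Containment step. The benign logins from 10.0.0.50 produce nothing because no failures precede them. In practice the thresholds and the pivot window would be tuned to your environment, and the same structure applies to any log source whose lines carry a timestamp, a host, a principal and a source address.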
This list may seem overwhelming, and you’re probably wondering where to start. Luckily, an incident response service manager can help you at every step. This list simply gives you a starting point before an expert steps in to help you create your customized cyber security incident response plan.
Utilizing an Incident Response Service Provider for Your Planning Needs
By working with a managed service provider like Secuvant, you get guidance that meets the needs of your business. Our experts will help you prioritize which business risks to focus on and outline global compliance requirements, producing an incident response plan with deep visibility into all facets of your business. With our MDR and incident response services, we act as an extension of your IT team, preventing, detecting, and responding to threats 24/7.
Secuvant is one of the only IR teams that provides a complete program, including 24/7 Managed Detection and Response, aimed at preventing a breach from recurring. Our skilled team uses cyber investigations and digital forensics to uncover what happened while preserving evidence in case of legal action. Moreover, we coordinate with your executives, IT team and partners, legal counsel, and PR firms for media management to create policies, procedures, plans, and guidelines so that you are prepared.