Whether you have cause to deploy it or not, every business should have a cybersecurity strategy ready to go.
So far this Cybersecurity Focus month, we have published articles on the must-have skills for cyber professionals, the best ways to detect a phishing scheme, how people are an asset when managing cyber risks and the top 10 cybersecurity start-ups strengthening our digital defences, among others.
Next topic to cover? How can organisations develop their own cyber incident response plans, so if and when their company is targeted they can quickly detect and respond, limiting the impact and encouraging a speedy recovery.
Internal assessment
The devil is in the details, so the very first step in curating an organisation-wide cyber incident response plan should be to pin down a strategy for who will lead the initiative, how the team will be built, what the plan’s purpose is and what resources are at the company’s disposal.
While there should be an overarching effort to reduce the organisation’s exposure across the board, organisations should first assess the issues that most pertain to them, be it ongoing phishing attacks, frequent malware infections or system breaches.
Ethical hackers can be useful in that they expose an organisation’s weaknesses safely, giving companies the opportunity to address inadequacies and build stronger systems, more resistant to attack. Once you have nailed down your own vulnerabilities you can start working on a broader, more long-term approach.
From the ground up
Cybersecurity, like many fields within the STEM space, requires professionals to be highly qualified, often in niche areas. Employees drafted to a cyber incident response plan (CIRP) team should have a broad range of skills, but also have specialised skills. For example, useful positions include incident coordinators, communication managers, legal advisers and those with advanced technical skill.
Everyone should know their role and be ready to act quickly in the event of an attack or misadventure. Employers should ensure that all professionals, those on the specific CIRP team or not, have access to regular cybersecurity training and upskilling opportunities.
Any department connected to a company network has the potential to be a target. Cross-collaboration is therefore key, and all parts of a company should be looped in regarding the plan so that quick action and recovery can take place.
Lean into classifications
While a cyber incident is likely always going to have a negative impact, it is important to quantify the extent of the damage. Incident categories, for example, low, medium or high, enable teams to prioritise as well as delegate work and resources.
Organisations should develop a risk classification matrix that takes into account the urgency of a security event, what classifies said event as being in that particular category and the response needed. Classification is necessary so an organisation is well-versed in which events trigger action from the incident response teams.
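The classification matrix described above has three columns: the category, the criteria that place an event in it, and the response it triggers. The following Python is an added example of such a matrix, not code from the article or from Silicon Republic. The attribute set, the thresholds (systems affected, confirmed data exposure, ongoing activity), the acknowledgement times and the sample reports are all assumed for illustration; the roles named in the response column follow the article.

```python
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    """Incident categories as used in the article: low, medium, high."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Incident:
    """Facts a reporter can supply at first notice (assumed attribute set)."""
    ticket: str
    kind: str              # e.g. "phishing", "malware", "breach"
    systems_affected: int  # hosts or accounts confirmed affected
    data_exposed: bool     # confirmed exposure of sensitive data
    ongoing: bool          # attacker activity or spread still in progress


def classify(inc: Incident) -> Severity:
    """Criteria column of the matrix: what puts an event in each category.

    Thresholds are assumed for illustration; an organisation sets its own.
    """
    if inc.data_exposed or inc.ongoing or inc.systems_affected >= 10:
        return Severity.HIGH
    if inc.systems_affected >= 2 or inc.kind in ("malware", "breach"):
        return Severity.MEDIUM
    return Severity.LOW


# Response column of the matrix: who is looped in, how fast, and the first
# action. Roles follow the article; acknowledgement times are assumed values.
RESPONSE = {
    Severity.LOW: {
        "notify": ["service desk"],
        "ack_minutes": 480,
        "action": "open a ticket and monitor",
    },
    Severity.MEDIUM: {
        "notify": ["incident coordinator"],
        "ack_minutes": 60,
        "action": "contain the affected systems",
    },
    Severity.HIGH: {
        "notify": ["incident coordinator", "communications manager", "legal adviser"],
        "ack_minutes": 15,
        "action": "activate the full CIRP team, contain and preserve evidence",
    },
}


def triage(inc: Incident) -> dict:
    """Attach the category and its required response to a reported incident."""
    sev = classify(inc)
    return {"ticket": inc.ticket, "severity": sev.name, **RESPONSE[sev]}


def prioritise(incidents: list[Incident]) -> list[str]:
    """Order a queue of reports so the team works the highest category first.

    Python's sort is stable, so reports in the same category keep their
    reporting order.
    """
    ordered = sorted(incidents, key=classify, reverse=True)
    return [i.ticket for i in ordered]


# Constructed sample reports, not real events.
SAMPLE = [
    Incident("IR-001", "phishing", systems_affected=1, data_exposed=False, ongoing=False),
    Incident("IR-002", "malware", systems_affected=3, data_exposed=False, ongoing=False),
    Incident("IR-003", "breach", systems_affected=1, data_exposed=True, ongoing=False),
    Incident("IR-004", "phishing", systems_affected=12, data_exposed=False, ongoing=True),
]

if __name__ == "__main__":
    by_ticket = {i.ticket: i for i in SAMPLE}
    for ticket in prioritise(SAMPLE):
        print(triage(by_ticket[ticket]))
```

Keeping the criteria in one function and the responses in one table means the matrix can be reviewed and updated as a single document, which is what the article asks for: the team knows exactly which events trigger a response and who must be told.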
Show and tell
There needs to be a clear policy around how an organisation detects and reports cyber incidents. Employees should be trained on all forms of monitoring tools, detection systems and antivirus software, in order to recognise suspicious or harmful activity.
Time is of the essence, therefore the incident response team manager should be looped in as soon as possible through a clearly defined reporting process. From there on, efforts should be made to contain the issue until it can be eradicated.
Other stakeholders may need to be looped in down the line, for example, additional employees, company partners and any consumers affected by a more serious breach.
What comes next?
A critical aspect of building a CIRP is the section that pertains to recovery and future prevention. The post-incident analysis should detail the root cause of what happened, events during the incident, the techniques used against the company, how it was resolved, any lasting impact and how the situation might be avoided in the future.
This needs to be a comprehensive analysis as it shows the full scope of an attack, and the events leading up to it, leaving an organisation in a stronger, more resilient place.
Employers should also regularly review their cyber incident response plan: just because a previous plan was effective does not mean it is still the most future-focused plan you could have in place. Technologies are always advancing, and the organisations that don’t advance alongside them make themselves vulnerable.
Basically, it can never hurt to have a good plan at your back for when trouble comes knocking.