Cybersecurity breaches are becoming more and more prevalent. In fact, it’s been estimated that there were almost 5 billion records breached in 2018. Many organizations spend thousands of dollars on security breach prevention tools, but won’t take the time to create a formal process for identifying, responding to, and communicating about an incident.
When it comes to incident response planning, there are three terms to keep in mind: security event, security incident, and breach.
So why is building and testing a formal incident response (IR) plan so important?
When an event turns into an incident and an incident appears to be heading towards a breach, you don’t want to have to “wing it”. Timing is also critical: once a breach is confirmed, legal reporting timelines come into effect. If those timelines are not met, the result could be a financial penalty, reputation damage, or legal ramifications. Finally, when a breach occurs there is usually internal finger-pointing, and you don’t want to be the person who has to say “I wasn’t prepared”, which could potentially result in termination due to negligence.
The following questions should be asked prior to building an IR plan:
There are many questions on what steps should be taken and what best practices to follow when it comes to incident response. Below are our recommendations:
1. Preparation (Planning)
2. Identification (Review & Coordination)
3. Containment (Damage Control)
4. Eradication (Investigation)
5. Recovery
6. Lessons Learned (Education)
A solid incident response plan probably won’t be perfect from the beginning, which is why you should be doing tabletop exercises throughout the year to iron out any rough patches. Not having a mature security program is no reason to put off implementing an IR plan; in fact, that would be a primary reason why you should get your IR plan set up.
It’s important to note that having an incident response plan is a mandatory component of most compliance requirements. Even more importantly, having a plan in place can help you reduce the time it takes to respond to a negative event. It’s also a fantastic way to highlight your security program to your executives and prepare your team for attacks on your business.