Incident Response

Will your organization be ready to execute flawlessly when you are the victim of a security or privacy breach?

An incident response plan is a blueprint that maps out how your organization will handle a cybersecurity or privacy incident.

What is an incident response plan and why is it important?

Today's society is increasingly interconnected. Massive troves of data proliferate all over the globe within seconds. While this data proliferation has created unique new business models, it has also created anxiety in those charged with protecting the data behind the progress and innovation. Intellectual property and trade secrets, as well as customer data, are constantly being sought out by adversaries who can monetize them on the black market. As scenarios for protecting this data become more complex, a company's Chief Information Security Officer (CISO) and/or Chief Privacy Officer (CPO) must plan accordingly for what to do if they do experience a data breach. For them to have a hero's chance of success in this battle, they will need a detailed, clear, and realistic incident response plan that outlines battle positions (key assets and controls), roles and responsibilities (resource allocation), and action plans (who's doing what, when they are doing it, and what is being communicated through various channels). A solid incident response plan helps you feel confident that you can quickly identify a breach and mobilize your workforce when the pressure is on. It empowers prepared organizations by allowing them to efficiently and precisely execute their plans, while the unprepared scramble in reactive mode without a script.

Practice makes perfect

An incident can be managed and contained effectively as long as everybody knows their role and can execute quickly as a team. Incident response drills help organizations feel more confident during crunch time. An incident response plan may be the first step in defining how an organization must execute when faced with an incident, but simply putting words down and drafting the plan won't make most feel good about being ready for the real thing. To be more effective and seamless during an actual event, from identification to closure, organizations need to test their plan by rehearsing drills that simulate the activities required of each team and individual.

Actors rehearse before jumping on stage in front of a large audience. Employees who regularly rehearse key functions during a simulated incident can expect to perform those functions better during the big show, without the need for slowing down to read the script.

Executing your plan

Ensuring that all team members understand the severity of a potential incident is important. Organizations must also communicate positively to their teams, in a manner that encourages employees to report a breach and not sweep it under the rug. Doing so helps to establish a collaborative mindset where transparency is valued and rewarded. The severity of a data breach can be exacerbated by the time crunch that comes with it. When an incident is identified, organizations must respond swiftly and substantially. If they do not, they run two significant risks. First, once news of the breach surfaces, the likelihood of additional exposure to other parties may increase because there's now a set of directions on how key systems were penetrated. Second, the speed at which data can be distributed means that the adversary who now has your sensitive information is likely to broadcast it and sell it to an even larger audience. The longer you wait, the greater the number of unintended recipients who end up with it. Urgency must be balanced with execution synchronicity when your organization finds itself looking for answers and simultaneously trying to stop the bleeding caused by a data breach.