We spoke to our Incident Response team to learn more about incident response plans and why every organisation should have one.
Because so many of our business processes depend on technology, most organisations rely heavily on their IT team to keep networks running smoothly and revenue generating activity operating consistently.
Your reputation, profit, and customer trust are at risk if your operations are disrupted, or in some cases, come to a complete standstill. It’s expected that your organisation has already put cyber security strategy in place to ensure continuity, but what happens when something does go wrong?
We hate to admit it, but we all know deep down that something is bound to go wrong eventually. That’s why organisations have crisis management plans and why your organisation should have a plan for if it’s the victim of a cyber attack. PGI’s Chief Security Architect, Keith Buzzard, says, “take it from a team of professionals; our plan literally has a ‘what we do if the plan doesn’t work’ section. Unless your IT and cyber security budget is vast, you should accept that something is likely to go wrong and plan for the possibility of a failure”.
When something bad happens, it’s very easy to get a case of ‘tunnel vision’ and focus only on what’s right in front of you, avoiding the real issues. Without a roadmap detailing how to handle an incident, those bad decisions can cost the company’s reputation and bottom line. The initial question shouldn’t be ‘how do we fix this problem in front of us?’, it should be ‘how can we get the business operational again?’
An Incident Response plan—covering every possibility—can be a complicated artefact, especially if a whole department has contributed to the creation over an extended period of time – in some cases, it can take upwards of a year. While this process is probably going to produce a strong plan, you could be waiting for a while and what if something goes wrong in that time? A simple plan that covers 80% will include a vast majority of the risk, will be much cheaper, and be available when it’s needed most.
Mistakes made at the start of Incident Response can be a problem for the duration. For example, if a company wishes to pursue a court case, damaging the evidence in the first minute can haunt the complete process. While there’s no ‘non-critical’ stage to Incident Response, the decisions made at the start can have long term consequences. Having a plan in place and briefing the right people in the organisation on where to find it and who to report an incident to, will make all the difference.
Your organisation likely has ethical obligations and contractual agreements with clients, particularly if you have their data stored in your systems. Having an Incident Response plan in place shows your commitment to information security and keeping their data secure.
Ensuring the continuity of your operations should always be top of mind. While a security strategy will lessen the risk, thorough planning for when something goes wrong is equally important. Without a solid process for dealing with an incident your organisation is left open to costly mistakes – your workforce is only human and with so many variables, it’s much easier to handle an incident if there is a framework to work from. At the end of the day, your reputation and bottom line will be the first to suffer in the aftermath.
If you don’t have the capacity or in-house knowledge to do this yourself, you could consider the services of a professional Incident Response team to help prepare your organisation.
Our experienced team are dedicated to protecting your business, offering a wide range of response and recovery services, with the of limiting disruption. We strive to be among the quickest to identify, address, and resolve a data breach to get you back up and running as soon as possible.
If you would like to ask questions about incident response plans or cyber security strategies, let's talk.
Last week, Bellingcat released their ‘Seven Deadly Sins of Bad Open Source Research’. The article lays out the glaring errors they’ve observed by practitioners online, especially regarding the conflicts in Gaza and Ukraine.
April 2024 marks the 40th anniversary of the Diretas Já civil movement in Brazil, a mass movement demanding direct presidential elections and a return to democracy after two decades of military dictatorship.
Last week, British comedian, Joe Lycett revealed he had successfully seeded four fake stories within the British press.