Although most companies acknowledge that they’re at high risk for a cyber attack, with many of them experiencing at least one or two incidents in the previous year, many have not taken the steps to equip themselves with a plan to follow in the wake of an incident.
It’s an essential step in any security plan, yet one that is often neglected, said IBM Security General Manager Marc van Zadelhoff. “Response is such a big part of security, but it’s often a forgotten part of security,” he said. According to a study by IBM, 75 percent of IT and security professionals reported that their companies did not have an incident response plan that takes into account modern threats.
Another survey, conducted by IBM and Ponemon Institute, revealed that 66 percent of respondents did not feel that their company could bounce back in the wake of a cyber attack.
Not only should a plan outline steps for getting critical systems running, it should address how the company should notify employees, customers, and authorities. Here are some components of a cyber incident response plan.
Develop a plan of action. Determine how you will proceed after a cyber incident; outline the procedures and the people who will be responsible for taking immediate action in implementing the plan. It should also outline how to immediately contact critical staff members, key assets that require the most protection, and priorities for preserving data involved in the incident. By following a pre-established plan, a company can limit more extensive damage to its computer networks.
Establish a relationship with law enforcement. While you may already have a relationship with law enforcement in your area, it’s important to broaden that interaction to discuss steps to follow in the wake of a breach. This includes discussions with federal law enforcement officials. The FBI and other agencies will be familiar with steps to take in contacting media and protecting the company’s sensitive data. They will also be able to determine if the cyber attack is related to any other threats and investigations.
Keep your team updated about the latest threats. Cyber security incidents evolve, with criminals taking more sophisticated steps to commit their crimes. It’s important to stay engaged with current cyber threat incidents and how they may impact your operations. The Information Sharing and Analysis Centers are among the institutions that relay information about cyber threats.