The organisations worst hit by cyber attacks often have one thing in common: they lack an effective incident response plan (IRP).
Until recently, most people believed that cyber security was all about preventing incidents. But as cyber crime has grown in frequency and sophistication, it’s no longer good enough to rely on your ability to defend against incidents or assume that you won’t be hit. You will suffer major disruption sooner or later, and if you’re not prepared, the damage could be catastrophic.
Take last year’s Equifax scandal as an example. The organisation’s complete lack of security awareness led to not only the initial breach but also a string of embarrassments.
For a start, Equifax identified the breach in late July 2017, but didn’t disclose it for another six weeks. When it got around to notifying victims, it directed them to “equifaxsecurity2017.com” rather than to a page on its existing site. This immediately aroused customers’ suspicions, because sending people to an unfamiliar domain is exactly what a phishing scam would do. It certainly didn’t help that the site contained serious bugs.
A turning point
Many experts have predicted that the public outcry following Equifax’s breach and subsequent mistakes could lead to a turning point in the way organisations view incident response planning.
An IRP helps organisations prevent exactly the kind of errors that Equifax made. It makes it easier to identify the necessary steps to take in the event of various disasters, and ensures that organisations acknowledge and mitigate weaknesses in their policies, technical controls and the way employees communicate with each other, customers and regulators.
IRPs also enable organisations to learn from their mistakes. After the plan has been activated and the organisation has responded to the incident, senior staff should assess the effectiveness of their response and identify why the incident occurred. This allows them to mitigate the risk of future incidents and ensures that, should a similar incident happen again, the organisation has the best possible plan in place.
Source: IT Governance