[BreachExchange] Does your cyber incident response plan include these best practices?

Thu Jun 14 20:59:27 EDT 2018

https://www.bizjournals.com/twincities/news/2018/06/11/
does-your-cyber-incident-response-plan-include.html

When it comes to corporate cyber incidents, there's no debating the facts:
Attacks are more sophisticated, frequent, widespread, and costly than ever.
In 2015, cybercrime cost companies $3 trillion. By 2021, that number is
expected to double. At that point, cybercrime will become the most
profitable criminal enterprise in the world.

The ramifications can also last for years. Minneapolis-based retail giant
Target made headlines for a massive data breach in 2013, and paid a
multi-state settlement of $18.5 million just last year.

Smart business leaders understand a cyberattack isn't a possibility — it's
an inevitability. And yet, even in a climate of awareness about the threats
posed by cybercrime, businesses aren't doing enough to prepare for these
incidents.

Having a well-protected corporate infrastructure with the requisite
safeguards is vital — and not just in technology but in the people and
processes, too. What happens when attackers breach these defenses? How do
companies handle an incident and its fallout? When every second counts,
previous preparation increases the speed at which organizations can
respond, avoiding hastily made decisions because the pros and cons already
have been weighed. Preparation also cuts through the paralysis that can
come with such an event.

Incident response plan best practices

For enterprises, having a comprehensive and strategically designed
cybersecurity incident response plan is the single most important step to
mitigate the fallout of a malicious intrusion. These are the best practices
for designing, testing, and implementing such a plan.

● Secure participation from key stakeholders. A security breach affects
many groups within an organization. As a result, cross-departmental support
and buy-in is needed during the ideation and development phase. Human
resource leaders, compliance officers, legal representatives, external
vendors such as technology providers and public relations firms, and
management liaisons all need a seat at the table.

● Delineate roles. Once you have key stakeholders in the room, it's
important to clearly layout their specific responsibilities in the event of
a breach. Perhaps HR leaders are on point for internal communications when
a breach happens, while the PR team handles external communications. At the
same time, legal representatives should be ready for any regulatory
implications of a breach, while IT experts should familiarize themselves
with the back-end work they'll need to handle. Specifying these roles in
advance of a breach prevents the kind of high-level confusion that ensued
in the wake of the Equifax incidents.

● Run tabletop exercises. As companies flesh out an incident response plan,
the true litmus test is a breach simulation. The best way to conduct this
exercise is with a third party, since that eliminates the possibility of
bias in designing the mock attack. In terms of tabletop objectives, the
goal should be to validate that your plan considers all actions and
activities that need to occur during a breach. It can also validate whether
each function understands their role and more importantly reveal how
various personalities may affect the breach response.

● Communicate effectively. When a cybersecurity incident occurs, chaos is
inevitable with multiple workstreams, competing priorities, and the number
of people involved. The investigation aspect is only one part to the
response, competing with executive briefings, legal notification, HR,
regulatory concerns, and public relations, to name a few. It is imperative
for companies to understand how to communicate effectively amid the chaos.
Companies should create a viable incident response plan that touches every
part of the organization and then communicate the plan — in a simple and
digestible way — to all employees.

When it comes to cyberattacks on companies, there are two parts: the
incident and the response. Companies often cannot always control the
former, but they have significant control over the latter. By designing and
implementing incident response plans that are cross-departmental, carefully
designed, and endorsed by all key stakeholders, companies can strengthen
public trust and brand reputation in a situation that could otherwise be
ruinous.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180614/cfc78704/attachment.html>