No More Excuses—Create an Incident Response Plan
With the exponential growth of cyberattacks, the question is not if a breach will occur, but when. Every organization now needs a plan that addresses the cyber threats lurking in the shadows, waiting for an opening.
With COVID-19 throwing enterprise systems into chaos, organizations have detected 445 million security breaches since the beginning of 2020. But only 14% of businesses are prepared to defend themselves.
Threats—including phishing, spyware, and ransomware—continue to evolve and multiply. The effects of a global pandemic, such as attacks on unsecured networks, reveal vulnerabilities in the nascent cybersystems of a fully remote enterprise. Because of the elevated risk of a breach, any business must have a rock-solid Incident Response Plan (IRP) that is both current and well-researched. So why isn’t this a higher priority for many organizations?
Often, we hear the following excuses for the lack of planning around cybersecurity.
Excuse #1: “Preparing for a cybersecurity attack is too expensive.”
The longer it takes to embrace a strong security plan, the more expensive it becomes. If the system experiences a breach and there is no protocol in place to manage the crisis, more than likely, it will cost more money to fix the problem than it would have cost to prevent the problem in the first place. The average cost of a cybersecurity breach is over $1 million, and the price is far worse for large organizations like Marriott, which faced a $126 million fee in 2018.
Adopting a strong IRP now saves money, time, and headaches down the line. It’s worth the investment.
Excuse #2: “We’ve never had an IRP before, and we’ve been fine.”
A cavalier attitude provides a false sense of security. Just because one person doesn’t suffer a head injury when crashing a bike doesn’t mean another person shouldn’t wear a helmet. Expect to have a crisis. Even if the business has been running safely for decades, accept the reality that today’s world is incredibly different from generations before.
Excuse #3: “I’m pretty sure we have an IRP. We don’t need a new one.”
It’s wise to know both whether the company has an actual IRP and where the plan is located. Also, if the IRP isn’t frequently updated or used for training, it’s time to create a new one. This plan will be the most valuable protocol during a data breach, and confidence in the material is crucial. It’s better to be proactive than reactive in a crisis.
Creating an IRP
So, you’re ready to develop a security plan for your business. How do you know where to begin? What is the silver bullet to stop hackers? And what steps must someone take to ensure an IRP is a smart investment?
STEP 1: Audit your system.
Every enterprise should hire a highly technical security team to audit its system and identify its weaknesses.
Once a team examines a system, they pinpoint potential risks and create a threat model. From that model, you can scrutinize different scenarios and make an informed decision on which IRP is best for your system, your business, and your budget. Having an IRP is imperative, but if you don’t have experts who know how to fix the problem in the moment, you might as well not have a plan at all.
STEP 2: Determine how much you’re willing to risk.
A company may have a checklist of commonly known best practices. But it can check all the boxes and feel like it’s done, yet remain vulnerable to more sophisticated attacks. The reality is that no amount of money makes a system 100% bulletproof against a digital attack. So, you have to make decisions based on risk tolerance.
To what degree are you comfortable with a potential security risk? What price are you willing to pay to repair the damage to your company’s reputation? Do you have a budget set aside for the regulatory fines or legal fees associated with a data breach? These questions determine the tools and measures to take.
STEP 3: Bring aboard the right expertise.
Start with a firm IRP foundation and then fill in the details. Once you’ve identified the individuals who will play a major role in the company’s crisis management team, make sure you have IT representatives present who can determine the type of breach that has infiltrated the system and who have the necessary skills to shut it down. They must be aware of the latest industry threats and have a plan for each scenario.
STEP 4: Make security a part of company culture.
Most individuals overlook an entire segment of security, and that piece is awareness. Fostering community among remote teams is complicated. Add a crisis to that mix, and you’ve got an even bigger challenge to overcome.
Educate employees on the different solutions the company provides to mitigate risks, whether they are working under one roof or remotely. Individuals need to know what security systems are in place to protect themselves and the company.
Moreover, they need to embrace the importance of cybersecurity and what it means for the wellness of the company and their jobs. The goal is to make security a part of company culture. Employees should see security as a part of their job, not Big Brother watching and waiting for them to make a mistake. Ensure that security practices are approachable and that people have the tools they need to succeed; otherwise, adoption is unlikely. And if it’s not adopted, it’s useless.
Although you can’t predict a cyberattack, you can prepare for one. It requires a change in mindset. Move from thinking of cybersecurity as an operational necessity to treating it as a strategic asset—revealing new strengths and fundamental weaknesses to resolve. Embrace it as an opportunity rather than an expense.
Are you looking for expert support on your remote transformation efforts or on creating and implementing an incident response plan? We’re here to help. Theorem is an innovation and engineering company that builds custom software for companies making bold bets to stay ahead. Reach out to firstname.lastname@example.org or call 1 (888) 969-2983 to book a free consultation.
OUR EXPERT THEORISTS:
Luis Laimer, DevOps Engineer at Theorem
Luis Laimer is an experienced security analyst with a career spanning more than 15 years. He is a former Certified Information Systems Security Professional and active speaker within the security and tech communities. Before joining Theorem, Luis was part of the global information security team at ThoughtWorks and worked as a security consultant in various fields spanning four different countries. He uses a practical and business-focused approach to enhance information security.
Joe McIlvain, Software Architect and Engineer at Theorem
Joe McIlvain is a Solutions Architect and Engineer, focusing on the design and implementation of distributed systems. He helps Theorem’s clients to challenge premises, identify costly problems before they happen, and execute quickly on solving some of their most challenging business issues. He joined Theorem in March 2015.