It’s already too late: Plan cyber security incident response now

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

It’s not a matter of if, but when your business will come under attack from hackers. 

There is a cyber security hacking attempt every 39 seconds. Approximately $6 trillion is expected to be spent globally on cyber security this year, and furthermore, since COVID-19, the US FBI has reported a 300% increase in reported cyber crimes.

The advent of the pandemic resulted in an increased global dependence on the cyber industry. With cyber attacks reaching unprecedented numbers this year alone, the importance of pre-emptive cyber incident response (IR) planning has been brought to the forefront.

The financial implications of these data breaches that are a result of victims who decided to pay ransomware ranges from loss of revenue and brand denigration due to customer mistrust, to an inability to recover from the attack.

What is IR planning, and how do you do it?

IR is defined as taking the steps necessary to prepare for, detect, contain and recover from a cyber security incident. An IR plan entails the following:

  • The activities required in each phase of IR.
  • The roles and responsibilities for completing IR activities.
  • Communication pathways between the IR team and the rest of the organisation.
  • Metrics to capture the effectiveness of IR capabilities.

It is important to note that the value of an IR plan does not depreciate or become obsolete when a cyber security incident is over.

It continues to provide support for successful litigation through the availability of documentation that auditors may need, as well as historical knowledge to feed into the risk assessment process and improve the IR process itself.

Why is an IR plan important?

The value of an IR plan is in its function in the greater scheme of business continuity. As IR is not limited solely to the technical sphere, the plan must be designed to align with any organisation’s priorities and levels of acceptable risk.

The information gained through the IR process can be used to feed back into both the risk assessment procedures and the IR activity itself, to ensure better handling of future incidents and an overall stronger security posture.

It is astonishing to note that a large majority of organisations either don’t have an IR plan, or…