IR Plans: What Can You Do to Enhance Them?
If you really think about it, an incident response plan (IR plan) is just an old book on a shelf. These written guides, which show how firms should detect, respond to, and limit the effects of a security incident, should be highly valued but are usually left gathering dust on the “shelf”. Many plans go untried and untested for years, and some are so outdated that they are unfit to help at the time of a data breach.
Cyber security experts say that an IR plan today should include a policy that defines what an incident is and a step-by-step guide to how the business responds to an incident. By following the directions in place, organizations hope to lessen the blow from attacks and reduce the costs and recovery time that are usually associated with data breaches.
It is funny that, even with all these cyber incidents, some companies do not even have one in place. It is really concerning that certain organizations still do not take cybersecurity seriously and are not prepared to respond to a cyber breach.
So what are some factors that you could look out for to improve your IR plan or to get one started? Let’s discuss.
- Fixing the IR plans: Do you have an IR plan in place? More often than not, the plan is not fit for purpose. Some IR plans are so poorly designed that, in an emergency, they would do no good. One point of failure is that some companies love to put one or two people in charge of guiding the organization through the crisis. This might become very troubling if both employees in charge are unavailable. Who will take responsibility for leading the corporation through a crisis then? Have a plan, train according to the plan, and make sure everyone knows their responsibilities in case of crisis and emergency.
- How it should look: When building an IR plan, you need to define its purpose, the role of each team member, and the lifecycle of the plan itself. It is encouraged to hold exercises to practice the plan. A big part is having cross-department reps selected to take the lead on incidents in their departments, so that there are multiple hands and coordinated actions responding to the incident. Many believe that there are six key phases to developing a successful IR plan: 1) Preparation 2) Identification 3) Containment 4) Eradication 5) Recovery 6) Lessons Learned.
- Team and Skills: A lot of professionals highlight the importance of a diverse team that can execute on the plan. Experts say that communication can make or break any IR plan: team members need to know exactly what they are supposed to do and coordinate their actions. Plans rely on good intelligence and statistics being provided by the managers, who can turn it into business language for company leaders. Attackers will know right away if the plan has holes in it, so why give them a chance? Put together a team in which everyone can execute their part, so there are no cracks for people to slip through, which would result in damage to the brand and corporate reputation.
So take that incident response plan off the shelf, blow some dust off it and make sure it is still applicable. A robust plan is very much achievable, as long as you get the right processes in place, get the right people on board, and test it regularly to ensure it is fit for purpose. What are you waiting for?