The actions that you take during a cyberattack can affect the speed and strength of your recovery afterwards.
Do you have a comprehensive incident response strategy?
Safeguarding business systems and software applications against cyberattacks and data breaches is essential in today’s connected world. We’ve already discussed why digital identity management and network security should be core components of your overall cybersecurity framework. We’ve also looked at the most common types of malware used by hackers, and seen that the threat landscape demands robust cyber protection throughout every organisation.
But what happens when cybercriminals actively bombard your defences? Or worse, when they find a way to override your security protocols and penetrate your systems? Sometimes, even the best precautions aren’t good enough to impede the rogue actors lurking in the darkest corners of the web. That’s why a detailed incident response plan is imperative. Here are five things to consider when you’re formulating your strategy…
It pays to be proactive
Cyber attackers are targeting corporate digital assets – repeatedly, and with diverse tactics. No industry is immune. No business is immune. And the fallout is not purely financial: recent intelligence reports have highlighted the risk to brands, reputations, and relationships.
If you accept that a security incident is probable, if not inevitable, then you can make advance preparations to limit the damage to your business.
You need the right team for the job
Your IT personnel will have critical roles to play in the midst of a cyberattack, but they won’t be the only staff members with key responsibilities. It’s important to assemble a multifaceted incident response team that includes:
- technical professionals to analyse the problem, assess the impact on the business, implement remedial solutions, and monitor system integrity in the immediate aftermath of the attack;
- public relations officials and spokespersons to handle internal and external communication and messaging related to the incident; and
- lawyers to provide clarity on the legal implications of any action (or inaction) related to the incident.
The size and structure of your team should be determined by the scale and complexity of your organisation. National enterprises might need interdepartmental hierarchies of responders to co-ordinate efforts in different provinces; mid-market businesses in single locations might need only a handful of specialists to address the issues at hand. Define individual roles and responsibilities so that they’re clear to all team members.
The paperwork is necessary
Every second counts in a crisis scenario, so make sure that your documented incident response plan is easily accessible. Core team members should have hard copies (printed versions) stored securely in their respective offices. The digital master document should ideally be stored offline on a standalone machine: if the cyberattack in question is a network breach or disruption, there’s a chance you won’t be able to retrieve the digital file from a network location.
Your response team should be ready to communicate with a wide range of stakeholders, including employees, partners, suppliers, customers, board members, investors, shareholders, competitors, and the media. Interested parties will want to know how you’re responding to the cyberattack – and they’ll expect regular, in-depth updates that address their respective concerns.
Remember to consult your legal advisors regarding any communication obligations you may have as a result of local or international law. South Africa’s POPI Act and the European Union’s GDPR, for example, are pieces of legislation that deal with data privacy.
There will be lessons to learn
In triage mode, your team will be focused on problem-solving and damage control in line with the incident response plan – but a successful cyberattack should warrant a full investigation of your protocols and procedures. Plan for a review of your cybersecurity initiatives, or call in specialist consultants to put your playbook under a microscope.
Have you secured your digital assets? Ask us about cybersecurity consulting, penetration testing, and vulnerability scanning. We’ll help you strengthen your defences.