A fifth of businesses have no incident plan when it comes to cyber breaches, according to new research.
In a survey of 1,000 business owners by cyber security specialist Nexor, 20% said they did not have an incident plan in place should there be a breach, while 17% plan to put one in place in 2022.
An incident response plan is a documented, written plan with distinct phases that help IT professionals and staff recognise and deal with a cybersecurity incident like a data breach or cyber attack.
These documents need regular updating paired with consistent training to ensure companies remain secure whilst online.
With more businesses operating a hybrid model, effective cyber security training is imperative for all employees in order to keep businesses safe from cyber attacks. Human error is often the number one cause for vulnerabilities, thus accurate training can help diminish this.
When it comes to cyber security, four in ten bosses admit their biggest challenge is ensuring their business is sufficiently protected. A further 23% say their main hurdle is knowing where to start, or being able to afford adequate cyber protection.
Fergus Mathieson, Head of Markets and Propositions at Nexor, details what makes a great incident response plan and where to get started:
“Security incidents can and will take place within your business and effective cyber security training and protocols are essential to effectively protect your business. Making sound decisions to minimise the impact of a security breach can be difficult and costly in terms of downtime, loss of data and reputational damage. Only if your business is prepared and staff are aware of what to do, can they contain and minimise any losses.
“Maturing an Incident Response and Management Plan enables your business to make many of the important decisions in a calm pre-incident environment. However, incident response is not about having a plan that gets dusted off when your business encounters a problem. It is a method that covers the people, technology, process, and governance, forming part of your day to day operations to strengthen your defences against future incidents.”
The following Incident Response methodology, recommended by the NCSC, offers a structural approach. It ensures that the right people are engaged at the right time, and appropriate escalation and communication takes place.
Triage – The first stage of the process is where severity, categorisation and escalation is assessed to ensure that the correct people are involved from the outset.
Analyse – This stage involves determining whether an incident has occurred, and if so, the nature and the extent of the incident.
Contain/Mitigate – This stage may require critical decisions such as taking a core business system offline and to consider the consequences of any such actions.
Remediate/Eradicate – The main objective of this stage is to remove the threat, confirm that remediation has been successful and may involve monitoring for a period.
Recover – At this point the organisation should return to ‘business as usual’, ensuring that systems and data are restored. Review and action of any regulatory, legal, or PR issues should be considered at this stage.
Review – A lesson learned review should be carried out at the conclusion of any incidents to assess the effectiveness of controls, identify any improvements in policies, procedures, training, and technology.
This methodology, coupled with a defined series of playbooks, helps you react quickly and precisely.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.