Plan for Cyber Breaches, Then Practice, Practice, Practice
The Cipher Brief – Rick Ledgett
Why do you need an incident response plan? Because if one of these bad actors wants to get into your network, and they make it a priority, odds are they will. And high-end criminal cyber actors can approach nation states in terms of their technical proficiency and long-term focus, and ability to concentrate resources. Last year's WannaCry ransomware and the destructive NotPetya attack – both of which are allegedly modified tools stolen from the U.S. government – are indicative of the caliber of software that's out there. So you need to plan for a breach.
I have been through a large number of crises in my career, and can personally attest to the fact that the clock is an unforgiving master. So how do you get more time? By developing an incident response plan that addresses every aspect of a breach and your response, and practicing it. Practice is the key, and it must be at every level – the technical organizations responding to the breach, the business units involved, the management team and the board. By practicing, each group will be more efficient in their actions and take less time trying to decide or remember what to do.
Exercising the plan provides several important advantages. For example, management teams and boards will have time to deliberate on difficult choices without the pressure of an emergent situation; the resulting decisions will likely be more reasoned and complete. Practicing the incident response plan using different scenarios also helps refine the plan and identify gaps that may not have been apparent when the plan was first developed. An exercise should also be a chance for the organization's response leads to meet their counterparts in external organizations. This includes law enforcement, regulators, key business partners, suppliers and customer organizations.
Communications, both internal and external, are a critical part of any successful breach response. Exercising gives the organization a chance to develop principles and guidelines for communicating, and to have some pre-vetted communications for certain scenarios "in the can" and ready to go. The time to develop a plan and practice actions that you would take during a breach is before the event, not during the event. Think how differently the Equifax breach might have turned out for the company if they had exercised their incident response plan.
Link: https://www.thecipherbrief.com/column/cyber-advisor/plan-cyber-breaches-practice-practice-practice