Incident Response

Incident Program Documents

US-CERT

NIST Guidelines

How to Build an Incident Response Plan

Modern times mean easier access to information, resources, and people. But digital tools also suggest it?s more likely than ever your company will be the victim of a cyber attack. While there are ways to minimize risks, no technique is foolproof. To be prepared when a hacker strikes, it?s ideal to have an incident response strategy in place beforehand.

What is an Incident Response Plan?

Although most business owners are familiar with disaster response and other types of concrete emergency plans, many neglect the cybersecurity side. Unfortunately, in the modern world, not accounting for digital threats could ruin your business.

However, adequate preparation in the form of an incident response plan can help. An incident response plan addresses cyber-attacks if or when they happen. Though you should already have both a vulnerability management program and risk management program in place, those precautions are not always enough.

Why Do Businesses Need an Incident Response Plan?

Because of how quickly today?s technology is changing, hackers have more opportunities than ever to disrupt business and ruin a company?s future. No method of hacker protection is infallible, so although you may have addressed vulnerabilities and reduced risks, a breach could still happen.

In fact, one company estimated that by 2021, cybercrime would cost at least $6 trillion per year. Cybercrimes cost companies money in the form of both lost productivity and consumer mistrust. But such crimes also affect personal and financial information, destroy intellectual property, and support fraud.

The bottom line is that an incident response plan is insurance against at least some of those losses. In combination, vulnerability and risk management plans plus incident response steps can help lower your organization?s risk of losing out on profits and losing its reputation.

How to Build an Incident Response Plan

Hopefully, you are starting out with vulnerability and risk management programs already in place. On top of that, you should also maintain database standards and guidelines for information systems to streamline operations and reduce vulnerabilities. Once those plans are in effect, you can consider what to do if disaster strikes, in the form of a cybersecurity breach.

Forecast Risk

Regardless of the size or worth of your company, accurately forecasting what the risks are to your business is critical. Consider what company assets you have that hackers would want to access. You might store consumer data like credit card numbers, addresses, or other sensitive information. Or, you may possess intellectual property that?s valuable and highly coveted in your industry.

Prioritize your assets to determine which ones are ?worth? the most so that you can establish what needs the most protection. Also consider which assets are linked, meaning that one would affect another if a breach happened.

What Are the Odds?

Once you determine which assets are at risk, then you need to examine the likelihood of a breach. If you don?t store consumer data, the odds of a hacker seeking out your company may be lower.

However, you may not store credit card numbers or addresses, but you might maintain databases with marketing data on each consumer subgroup. Even information such as shopping habits or brand preferences can prove valuable in the digital world.

Examine the vulnerabilities of your company, including both internal and external forces. Whether it?s the potential for employees to leak or steal information or the ability of vendors to remotely access your network, you need to look carefully at every source of everyday business.

Create a Plan

The specific steps of your plan may vary depending on the industry, size of the company, and other factors. But having a pre-determined outline to follow in times of crisis will prove beneficial.

Your plan may include items like incident detection, containment, resolution, and post-incident recovery. Each facet will involve a different area of the company, such as human resources for the post-recovery public relations support or information technology staff for the detection. Key roles and responsibilities for your incident response team will vary, but some positions are essential.

Streamlining the process of incident response through a series of preformulated steps will give the company a place to turn when disaster strikes. It may also keep an otherwise severe incident from spiraling out of control.

Assign a Team

If a cybersecurity crisis hits, having an A-team at the ready is the ideal way to prepare for a response. Keep in mind, however, that the more diverse and far-reaching the team, the better the chances they will be able to address the breach adequately.

For example, including a team of customer service or sales staff may help you with addressing the public relations aspect of crisis response. But a group of Security Analysts and IT professionals will know more about what?s happening on the back end of the issue, leading to a hopefully quick resolution.

Though your team may be professional in every capacity, you should still expect to spend some time administering guidance and keeping everyone apprised of updates or changes to the incident response plan.

Overall, the plan should be a living, changing set of tools that is always ready to address an incident. To that end, it helps to run scenarios via tabletop exercises or simulation attacks.

Enlist Company Buy-In

Ideally, you will have a team whose primary focus is practicing and adjusting the incident response plan. But what about the rest of the company? Without organization-wide backing, you may lack the support necessary to implement the plan in an emergency.

Outlining each step of the plan for all employees, and sharing progress and updates, can help keep all staff invested in protecting the company?s assets. You may also benefit from suggestions or knowledge that come from unexpected places. After all, the more diverse the group, the more likely for diverse ideas to emerge.

Conclusion

Between coordinating resources, documenting status updates, overhauling digital systems, and training staff, developing and implementing an incident response plan seems like a lot of work. But when you consider that some pre-planning now could save your business from a profit-swiping hacker later, it?s worth the time and effort to build an incident response plan.