I'm writing this on Pearl Harbor Day, which seems to be an appropriate time to remember an attack can come at any time. Today's attacks come not through enemy aircraft but through your computer, perpetrated by government agents, terrorists or just plain criminals.
As brought out in a post by cyber security firm Halock, even if an organization has a response plan the only test is how it responds in a real emergency. Was the incident detected early? Was the response immediate and appropriate?
According to a 2020 study by cyber security vendor FireEye, more than half of global businesses are not prepared to combat cyber attacks. A 2019 study of security management professionals found 87% of companies recognized the danger of cyber attacks but only 15% felt they had adequate defenses.
An incident response plan needs these elements:
- A readiness assessment that meets best practices.
- A review of legal and social responsibility requirements.
- Point by point responses including communication with first responders.
- Training for new responders and new requirements.
Plans have to be reviewed and teams retrained periodically, since threats and requirements continue to evolve. A study showed that trained and tested response teams save an average $2 million in data breach costs.
Most cyber insurance policies come with contact instructions in case of an incident. They may also offer resources for technical assistance. Incorporate them into your incident response plan.