Given that cyber breaches will occur, businesses need an incident response plan to address them. According to a post by Phil Robinson in Cyber Security Intelligence (https://www.cybersecurityintelligence.com/blog/why-are-businesses-ignoring-incident-response-7033.html), most businesses do not have a plan. (While the post is based on a United Kingdom survey, the situation is probably similar in the United States.)
An incident response plan enables a business to react quickly to a breach, identify compromised data and select an appropriate response. IBM Security found it takes an average of 70 days to contain a breach; the cost of resolution is 58% higher if there is no response plan.
An incident response plan should include the following components:
- A list of the resources, training and teams.
- Procedures to be followed, including contact information.
- Assessment and investigation of the impact.
The response plan needs to follow the stages of a threat:
- Identification and analysis.
- Containment.
- Eradication.
- Recovery.
- Post-incident review.
Once the plan is in place, it must be regularly tested and updated. Remember, failing to plan is planning to fail.