5 Key Components of an Effective Cyber Incident Response Plan
Date: 1 May 2020
Your organisation may have a cyber incident response plan that it can fall back upon in case of a crisis, but you need to ensure it's fit-for-purpose. We show you how to achieve that in this blog.
If all cyber incident response plans were perfect, we wouldn’t hear of organisations losing millions of pounds to cyber-attacks or being shut down for days on account of ransomware, would we? The fact is that the pressure, chaos and stress during a cyber-attack can be intense and overwhelming.
So, what are the five things that you must consider to ensure that your cybersecurity incident response plan is effective and will do you some good when you face an actual cyber-attack?
We sat down with Amar Singh, Founder and CEO of Cyber Management Alliance, to curate this quick checklist of 5 things one needs to get right in their cyber incident response plan pronto!
- Keep it crisp: There is simply no point in having cyber incident response plans that run into hundreds of pages. Sadly, most of the times nobody will read them and if they do, they will definitely not remember them, especially when a crisis hits and thinking straight becomes a challenge. Always keep your incident response plans brief and to the point.
Refer to our Free Cyber Incident Response Plan Template to get an idea of how to create your own perfect Cyber Incident Response Plan.
- Keep it simple: While you cut your long-winded plan short, also remember to edit out all the fluff and needless information! Of course, we don’t mean that you over-simplify the plan, but you do need to keep it to-the-point and easily accessible to everyone.
It is also imperative to keep it as relevant to your business as possible. Tailor your cyber incident response plan workflows to the specific needs of your company.
- Play out scenarios: Talking of relevance, try to focus on all possible cyber incident scenarios that could affect your business when creating your short and specific response plans.
In aviation, for instance, the Quick Reference Handbook enlists all possible incidents that can happen in flight and what the pilot’s response to each of these should be. Regular rehearsal of these checklists makes them a part of the cockpit crew’s muscle memory and when disaster does hit in air, they are able to respond to it almost as a reflex action.
Every business should aim to create a similar scenario-based reference book in the form of their incident response plan.
One common scenario or type of attack that every business should always be ready for, in our opinion, is ransomware attacks. Ransomware attacks are becoming more common than ever, especially in the era of the COVID-19 pandemic. It's never a bad idea to also have a separate Ransomware Readiness Checklist and a Ransomware Response Checklist handy, in addition to working on your cyber incident response plan template, for when the security incident occurs.
- Know your adversary: Besides knowing the scenarios, it is also imperative to know your adversaries. You have to take into account who would want to harm your business and what damage they can cause and then work backwards. Your cyber incident response plan must be built in conjunction with this knowledge and must have steps targetted at countering the damage your specific adversaries can cause.
- Focus on the Golden Hour: The need for speed in the Golden Hour is an oft-discussed subject in the world of cybersecurity. Your cyber incident response plan must equip your team for such speed of action in both technical and organisational terms.
It should highlight the key steps to be taken within minutes and hours of the attack being discovered to isolate the breach as quickly as possible. It must also illustrate the key steps of communication to regulators and stakeholders that have to be taken with immediate effect.
Oh, one more thing. Amar encourages the reader not to blindly follow security incident response plan templates. These can be useful but unless you have a solid understanding of security incident response as a skill and/or experience in cyber incident management, the response plan template will be of little use.
If you need more information on how to design the most effective cyber incident response plan and the best practices associated with responding to a cyber incident, check out our NCSC-Certified Cyber Incident Planning & Response course. In the meanwhile, you can download our FREE cyber incident response plan template doc to start building your own organisation-specific plan.