1Path hosted an expert panel discussion on the importance of organizations having an incident response plan to protect against cybersecurity attacks. Sharing their experiences as business leaders, our speakers discussed the importance of business continuity and how they have handled cybersecurity threats.
Keith Coker, CEO of Green Cloud, made the point that we have to erase the notion that cybercrime is being carried out by solo criminals in their basement. Cybercrime is now a corporate enterprise. It’s a white collar job. Organized threats have the functions to rapidly source, analyze, distribute, and monetize stolen data. As these organizations grow increasingly sophisticated, they invest in research and development to accelerate their profits even more.
Coker emphasized that by the time your organization is hit with ransomware, it’s often the case that criminals have already gone through your information, exfiltrated anything of value, and determined the rest is useless to them. That’s when they resort to locking up your data and demanding payment.
It’s become increasingly clear that the one common denominator in successful cybersecurity attacks is people. Whether it’s clicking a bad link in a phishing email or downloading an infected asset, human error is the premier component of cyberattacks.
For this reason, cybersecurity has transcended the IT sphere and should be considered a leadership issue that permeates a business. Securing your organization is no longer focused on patching and closing down ports on your firewall; it’s about business leaders, end users, security awareness training, incident response planning, and creating a culture of cybersecurity.
To improve your overall cybersecurity posture, you must also improve the IT maturity of your organization. Look at areas such as your infrastructure and cloud, networking, business continuity, and governance.
Here are the Top 5 things you need in order to respond to a cybersecurity attack:
- Backups, backups, and backups
- Incident Recovery Team
- Incident Response Plan
- Cyber Insurance
- Did we say backups?
Ransomware is pretty common, and it’s usually a non-issue if someone is properly set up with a backup environment. Backups allow you to recover from an attack with a low recovery time objective (RTO).
Incident response is key. Make sure to outline an incident response team as part of your business continuity plan. Ensure that you have discussed and assigned roles to key business and IT leaders. You may want to have some of your outside partners play a role in your incident response team as well. It’s important to know the capabilities of vendors, clearly communicate expectations around their response requirements, and effectively codify the vendor requirements into any business continuity planning.
Together your team can create an incident response plan that includes communication details, disaster recovery, and a business continuity plan. Be sure to incorporate clear roles and responsibilities. Your incident response plan should have phases that encompass:
The hardest part of all is keeping your plan updated. Make sure to perform tabletop exercises and debrief on what went well and what didn’t.
Responding to a cyberattack can either bring your organization to a grinding halt, or with the right team, the right partners, and the right training, it can feel like a minor blip in your day.