The organisations worst hit by cyber attacks often have one thing in common: they lack an effective incident response plan (IRP).
Until recently, most people believed that cyber security was all about preventing incidents. But as cyber crime has grown in frequency and sophistication, it’s no longer good enough to rely on your ability to defend against incidents or assume that you won’t be hit. You will suffer major disruption sooner or later, and if you’re not prepared, the damage could be catastrophic.
Take last year’s Equifax scandal as an example. The organisation’s complete lack of security awareness led to not only the initial breach but also a string of embarrassments.
For a start, Equifax identified the breach in late July 2017, but didn’t disclose it for another six weeks. When it got around to notifying victims, it directed them to “equifaxsecurity2017.com”, rather than a page on its existing site. This immediately aroused customers’ suspicions, as this is exactly the kind of thing a phishing scam would do. It certainly didn’t help that the site contained serious bugs.
To top it off, Equifax’s Twitter account didn’t direct users to the legitimate, if suspicious-looking, web page. Instead, it tweeted a link to a phishing site – four times.
A turning point
Many experts have predicted that the public outcry following Equifax’s breach and subsequent mistakes could lead to a turning point in the way organisations view incident response planning.
An IRP helps organisations prevent exactly the kind of errors that Equifax made. It makes it easier to identify the necessary steps to take in the event of various disasters, and ensures that organisations acknowledge and mitigate weaknesses in their policies, technical controls and the way employees communicate with each other, customers and regulators.
IRPs also enable organisations to learn from their mistakes. After the plan has been initiated and the organisation has responded to the incident, senior staff should assess the effectiveness of their response and identify why the incident occurred. This allows them to mitigate the risk of future incidents and ensures that, should it happen again, the organisation has the best possible plan in place.
Finally, IRPs can be used to help organisations comply with cyber security laws, such as the EU General Data Protection Regulation (GDPR) and the Network and Information Systems Regulations (NIS Regulations). Both require organisations to disclose high-risk breaches to their relevant supervisory authority within 72 hours of discovery. The notification should include as much detail as possible about the nature and scope of the breach, as well as the steps the organisation has taken, or plans to take, to respond to the incident.
Organisations with an IRP already have an outline of their response. Moreover, the plan should specify that the organisation contact the supervisory authority, ensuring that this step isn’t forgotten.
Learn how to implement an IRP
The introduction of the GDPR and the NIS Regulations means that organisations are under an increasingly heavy burden to find security experts. Breaches of either law could result in penalties of up to £17 million, and although maximum fines will be reserved for only flagrant or repeat offences, even moderate penalties could cause lasting damage.
However, the gaping security skills gap – which reportedly affects 80% of all organisations – is making it hard to find qualified staff. Those with the relevant skills are highly sought after, and are offered generous salaries and the opportunity for career progression.
If you’re interested in gaining the skills to fill a vital role in GDPR and NIS Regulations compliance, you should consider enrolling on our Incident Response Management Foundation Training Course.
This one-day course teaches you how to manage and respond to disruptive incidents effectively, and explains how to develop an incident response programme according to the requirements of the GDPR and the NIS Regulations.