With cyber attacks one of the top threats to organisations, it’s crucial to have the right measures in place to protect yourself from an attack. However, cyber threats are also becoming more sophisticated and persistent, and protection alone isn’t always enough. Organisations should have a plan in place to respond to an attack, enabling them to contain it and ultimately control the costs and exposure.
It can take months for a security breach to be detected, with the EMEA average being 175 days. This gives criminals a large amount of time to exploit an organisation’s data, and can become costly due to reputational damage and legal fees. Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview reported that “[t]he faster the data breach can be identified and contained, the lower the costs”. Having incident response management in place gives the organisation the ability to take control of the situation and reduce the impact of the security breach. By being able to respond quickly, you can limit the damage by, for instance, preventing unauthorised access to your data and isolating malware infections.
Cyber incident response management is not only a benefit to your business; it can also be a legal requirement. Under the Network and Information Systems Regulations 2018 (NIS Regulations), organisations that provide critical services are required to handle incidents effectively. This includes mandatory incident notification as well as the ability to contain the incident.
When the General Data Protection Regulation (GDPR) comes into effect, organisations will be required to implement an effective incident response plan to contain any damage in the event of a data breach and minimise the risk of future breaches. Organisations will also need to report personal data breaches to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
How you can implement a cyber incident response management (CIRM) plan
You cannot prevent the inevitable from happening, but you can prepare an effective response plan and do all you can to minimise the impact of an incident when it does happen. IT Governance’s Cyber Incident Response Management consultancy service will analyse your organisation’s current security controls and identify your vulnerability gaps. Based on this, an action plan will be developed to help your organisation protect itself from a wide range of cyber incidents, remediate the issues that lead to them, and recover to business as usual.
Our Incident Response Management Foundation training course provides an introduction to developing a cyber incident response programme according to the requirements of the GDPR and NIS Directive.