Mission Critical: What Really Matters in a Cybersecurity Incident

The things you do before and during a cybersecurity incident can make or break the success of your response.

As a lawyer who figuratively parachutes into dozens of catastrophic cybersecurity incidents a year, I've learned what is truly mission critical during a cybersecurity incident. In leading cyber-emergency responses across industries, enterprise platforms, and threat vectors, there are common themes that arise no matter whether an organization is small or large. Here is what I've learned:


1. The Incident Response Plan Is Important as a Discussion Point Pre-Incident but Rarely Consulted During an Event

Incident response plans are important tools to drive an organization's strategy before an incident. Tabletop exercises, where hypothetical breaches are discussed, assist in helping an organization get past the novelty of navigating a cyber catastrophe. But in the midst of a truly catastrophic cyber event, I have never seen anyone consult an incident response plan. Sometimes this is simply because the incident response plan — like the rest of the network — is encrypted and locked away as part of the spoils of the ransom. Often, though, this is just the nature of the emergency: there is no time to review the plan or convene the alleged response team.


My advice is to make certain that — no matter what incident response plan is in place — your organization knows who it will call first in an incident. The incident response plan must reflect the reality of your organization, not the fantasy. Do you have a CEO who is hands-on? In that case, the incident response plan needs to reflect that they will be part of the incident response team. A hands-on CEO is not going to stand down when her organization is under extreme threat.


What is most important is that the team knows th ..
