In today’s threatening digital environment, cybersecurity breaches are more common than ever. Data breaches in 2018 fell 23 percent from the same time period in 2017, but the number of exposed records rose 126 percent according to the Identity Theft Resource Center. As a result, more businesses are experiencing downtime and financial loss. And the less prepared a company is to handle a breach, the longer it takes to repair the damage and get back on track.
Working to prevent a cyber attack is critical, but it’s also important to create a cyber incident response plan in the event a breach does occur. This type of plan will guide you through a data breach, outlining the necessary steps to minimize damage, get the incident under control, and reduce downtime. The 2018 Global Economic Crime Survey from PwC revealed that only 30 percent of companies have a cyber incident response plan—putting the majority of companies at great risk for suffering long-term, devastating damage.
Here are 5 key steps to creating your cybersecurity incident response plan:
- Contact the right people at the right time: As with any corporate crisis, there should be a chain of command for notifying the proper individuals who will handle a cyber breach – and the order in which they are contacted. This includes contacting IT personnel, your cyber liability insurance provider, and general counsel. These key people, plus any others your organization may establish, play a pivotal role in handling cybersecurity issues and should be aware of the situation at all times.
- Cut off access: An important step in stopping a cyber breach from doing any further damage is cutting off or limiting access to the network, email, or other platforms. While this may cause temporary disruption, it can prevent the attack from spreading further. To understand how unauthorized users may be accessing data, look at the MITRE ATT&CK Matrix or the Cyber Kill Chain, which outline different threat techniques and stages of cyber attacks, respectively.
- Determine the extent of the damage: Before you can take steps to remediate a cyber breach, you must first establish what happened and how pervasive it is. By determining your level of exposure, you can accurately assess what data was compromised and who was affected. From there, you can begin implementing other stages of the cyber incident response plan to fix the vulnerability and notify affected users.
- Contact industry-related regulatory departments: If your company is in a highly regulated industry, like healthcare or financial services, you may be required to report cyber incidents to a governing industry authority. Even non-regulated industries often have strict protocols for alerting affected consumers and remediating any damage. It’s important to understand and follow these requirements to avoid being fined or sued.
- Remediate the damage: Remediation depends on the extent of the damage and what capabilities were in place, such as disaster recovery and backup. With real-time backup, companies can easily pick up where they left off, but with nightly backup, at least one full day of production is lost. To fully remediate the effects of a breach and bolster your systems to prevent another, you will likely need to use a cybersecurity professional, whether in-house or outsourced.
Many companies fail to recognize the risk of cyber breaches and therefore neglect to prepare for those threats. Consider the NotPetya ransomware attack, which wreaked havoc on some of the world’s largest corporations. Most of the affected companies were able to bounce back in a matter of days, but one company, Maersk, suffered two weeks of business disruption and $300 million in losses. How an organization handles a cyber breach—and the level of damage it’s allowed to cause—is directly tied to its level of security and preparedness.
If you’d like to learn more about developing a cyber incident response plan, contact Asylas.