Clark Computer Services

Incident Response Plan

Chuck's Cyber Wall

An Incident Response Plan is often viewed as a box to be checked, but that’s a mistake.


A segment of business owners don’t realize that dealing with a breach is only part of a cyberattack, and they are surprised by the related mitigation costs. Almost without fail, those who fall into that segment have not actually implemented an Incident Response Plan. That’s because there’s more to an Incident Response Plan than just drafting a policy.

In a study of 8,100 cyber insurance claims from 2021, we discovered that the average number of claims for small businesses doubled, with average payouts exceeding $350,000, which doesn’t include the cost of ransom payments. As a result, insurance carriers require companies to improve their cybersecurity controls before providing coverage. And before paying out, insurance companies investigate to confirm that the required controls were in place at the time of the breach.

Unsurprisingly, cyber insurance claims are now being denied, leaving business owners responsible for all associated costs. And we haven’t even mentioned fines under regulations and standards such as HIPAA, PCI, CJIS, etc.

Incident Response Plan Requirements

Let’s start with a basic definition. An Incident Response Plan is a set of tools that outline the procedures used to identify, eliminate, and recover from a cybersecurity threat. The point of these plans is to help make a quick and consistent response to an attack, minimizing the potential loss of data, resources, and customer trust.

The Six Steps of Incident Response

Preparation

In this discovery phase, a Risk Assessment is performed to identify security issues, and we begin to document the roles, responsibilities, and processes needed for the plan.

Identification

Assembling a response team is vital. When a potential breach is identified, the response team gathers evidence, determines the type and severity of the incident, and documents everything. All members of the team should be named with accompanying roles.

Containment

This step covers the processes required, once a security incident is identified, to contain the incident and prevent further damage.


Eradication

Once contained, it is necessary to locate the root cause, remove the threat, and determine when to restore normal operations. All information must be thoroughly documented.

Recovery

This step includes specific monitoring processes for bringing systems back online and testing to ensure the threats are eradicated.

Mitigation

In the final step, documentation of the incident is completed, and areas of improvement are documented with a plan to improve security.

Response is Key

The response to a breach should not be a scramble. An Incident Response Plan is part of improving cybersecurity controls, not a separate box that must be checked. The plan includes developing a response team, each member having specific tasks in the event of a breach.

Team member names, roles, and responsibilities are recorded in the Incident Response Plan, along with all relevant contact information for those inside and outside the organization. This takes away the “what do we do” moment in the face of a cyberattack and allows for a quicker response. And when it comes down to it, mitigating a breach depends on the efficiency and speed of the response.

Of course, the size of this team varies by the size of the organization.

Testing the Plan

Every regulatory body requires testing, whether through audit procedures, emergency mode, or recovery. Incident Response is no different. Because so much of the response matters, insurance companies want to know that the staff knows how to respond if your organization gets breached.

So here’s the first part of the test – your computer locks with a ransomware message. What do you do?

If you don’t know, call CLARK for a free quote at 301-456-6931 or send an email to [email protected]
