Take 5 minutes to read this explanation of what a Cyber Incident Response Plan is and how to create one that’s right for your business
Running a business in 2021 without adequate planning for a cyber-attack is akin to taking your car out for a long road trip without a spare tyre. You can be optimistic and hope that you won’t need the spare, but chances are that you will. Similarly, you can hope that your business will never be attacked by cyber-criminals, but in all likelihood it’s only a matter of “when” and not “if”. The only thing that you can do in such a case is protect your business with a robust cyber incident response plan.
A cyber incident response plan is built on the premise that your business will, one day, be attacked. But if you take the right steps and respond to the attack with agility and precision, you will be able to mitigate the damage that it causes to your business, its reputation and its bottom-line.
This statement, however, leads to one pertinent question – how can you build a cyber incident response plan that is right for your business? Here are a few handy pointers to keep in mind when building a cyber incident response plan that will actually be effective for your specific organisation in case of a crisis:
1. Identify the crown jewels:
Before you create a response plan for your organisation, you must clearly identify what it is that you’re protecting. The management must concur on what the business’s most critical assets are - also known as crown jewels. An attack on these assets means an attack on the very core of the organisation. Hence, the plan must clearly be targeted towards protecting these assets as a top priority. This will help the entire team maintain a clear focus in times of chaos.
2. Be specific about stakeholders:
A good cyber incident response plan should clearly specify who is to take the most vital decisions in case of a crisis, whose word counts as the final authority, whom to turn to for legal counsel and who makes statements to the press. Identifying and clearly specifying such aspects of crisis management in the cyber incident response plan will mean minimal confusion and the least chance of passing the buck when a crisis does hit the business.
3. Play out scenarios:
An effective cyber incident response plan is always geared towards dealing with worst-case scenarios that may actually hit the organisation. Thus, while making the plan, it is imperative that the stakeholders discuss crises that are actually relevant to the business and then specify the steps that can be undertaken to combat those crises. A cyber incident response plan, then, should be fashioned quite closely on the concept of checklists in aviation where the pilots are trained repeatedly to follow certain specific steps in response to specific crises, such that those steps become part of their muscle memory.
4. Focus on the golden hour:
The top priority in the Golden Hour is to manage the crisis with the highest degree of speed possible. The cyber incident response plan should highlight which steps have to be taken in the first 10-30 minutes of an attack on the organisation. This can help in greatly reducing the impact of the attack and isolating a breach as quickly as possible.
About Cyber Management Alliance
Founded in 2015 and headquartered in London UK, Cyber Management Alliance Ltd. is a recognized, independent world leader in Cyber Incident & Crisis Management consultancy and training. The organisation is renowned globally as the creator of the flagship Cyber Incident Planning and Response course certified as part of the UK Government’s National Cyber Security Centre Certified Training Scheme.
Cyber Management Alliance has serviced over 300 enterprise clients in multiple verticals including government, banking, finance, IT, consultancies, healthcare, oil & gas and retail across 38 countries. It has established its leadership by assessing, building and improving its clients’ Cyber Incident & Crisis Management capabilities through training, tabletop exercises, health checks and audits.
