How good is your cyber incident response plan?

Many organisations must face a troubling fact: defending their digital perimeter is not enough. They should assume that successful cyberattacks will occur, and develop an effective plan to mitigate the impact.

Cyberattack dangers on the rise

Cybercriminals are successfully targeting organisations of all sizes across all industry sectors. Recent analyst and media reports make clear that attacks are becoming increasingly sophisticated and more frequent, and their consequences more dire.

One global company that suffered a large breach spent more than US$100 million on investigating the incident and on other direct remediation activities. But those costs were small compared with the subsequent multibillion-dollar loss in market capitalisation, which was largely attributed to investors’ loss of confidence in the company’s ability to respond.

That’s why it’s not enough to focus, as many enterprises do, on defending the digital perimeter with cybertechnologies such as intrusion detection and data loss prevention. When determined adversaries such as hacktivists and organised criminal syndicates set their minds to finding a way inside, every organisation with valuable digitised information is at risk of having its perimeter breached and its critical assets compromised.

Indeed, most organisations today would do well to expand their efforts to mitigate the consequences of inevitable breaches, which are likely to affect infrastructure systems and compromise key data such as personally identifiable information.

The role of an incident response plan

An incident response (IR) plan guides the response to such breaches. The primary objective of an IR plan is to manage a cybersecurity event or incident in a way that limits damage, increases the confidence of external stakeholders, and reduces recovery time and costs.

For example, the US Department of Defense, which spends upwards of US$3 billion a year on cybersecurity, operates on the assumption that its unclassified networks may be penetrated, and therefore concentrates on maintaining operations and minimising damage from a breach.