As many organisations are recognising and experiencing first-hand, cyber-attacks are no longer a matter of if, but when. Recent cyber breaches at major corporations highlight the increasing sophistication, stealth, and persistence of cyber-attacks that organisations are facing today. These breaches are resulting in increased regulatory and business impact.
The loss of intellectual property, customer data and other sensitive information, together with the disruption of business operations, can cause severe financial and reputational damage.
Due to a lack of experience, these incidents are often not managed effectively and escalate further.
Most organisations do not know how to respond when they discover an ongoing cyber-attack. Whom should they inform? How should the various departments cooperate? Where should the focus of the teams and individuals be?
One of the most common causes of a failed response is a lack of adequate preparation.
Establishing clear lines of communication, policies and procedures, and rules of engagement, as well as practicing the response in simulated exercises, sets the groundwork for a successful response when an incident occurs.
Organisations need to put their plans into action regularly before a real attack, similar to the way fire drills are performed. Failing to exercise an incident response plan could result in increased response time, confusion and, at worst, an exploit.
Incident readiness training can help foster the appropriate level of experience across the company, with the aim of:
- Getting familiar with handling crisis situations
- Evaluating how people and teams work in stressful situations
- Managing roles, tasks and delegation during a cyber-attack
- Managing business processes while in crisis mode
Participants are challenged to collaborate, apply the cyber incident response strategy and take quick decisions in critical moments.
Senior management should periodically review and analyse the outcome of the training exercise alongside the incident management approach, artefacts and methodologies. The overall aim should be to ensure that there is continuous improvement in the company’s management of information security incidents.