Why Every Organization Needs an Incident Response Plan
Incident response is an area of cybersecurity that many people feel uncomfortable discussing. It’s difficult to fathom that, even with considerable investment in qualified staff and robust defenses, your organization could still be the victim of a cyber-attack. This line of thinking can cause C-level executives to question past investments in cybersecurity and be skeptical of future ones. Before writing off an incident response plan because of your organization’s current security posture, consider what your reaction would be if your organization were hit with the next WannaCry ransomware attack.
Creating your incident response plan while responding to a cybersecurity incident creates a situation ripe for disaster. Not knowing who the incident handler is can lead to circular discussions on who is spearheading the response; not understanding what data needs to be saved for forensic analysis results in drives being restored from backups; and not having communication throughout the process eliminates the possibility of good information sharing. This results in people going in different directions with no unified goal.
A detailed Disaster Recovery plan addresses these issues and gets everyone moving in the same direction. The incident handler gets the right people into position and manages resources to ensure that responders are working towards the same goal. Having administrators and technicians understand what data needs to be retained allows you to analyze the initial compromise after you are out of downtime.
Having communication flow from a single point of contact provides a unifying voice for responders and allows them to focus on the response instead of creating unproductive communication. Implementing this style of plan keeps everyone informed of what needs to be done, who is doing it, and who is communicating what is going on.
Starting from scratch on creating your plan can be a daunting task. Cisco provides a helpful guide on creating an incident response plan. Think of this guide as the outline for the first draft of your new plan. If you are curious how working with an MSP like Corsica Technologies can help you establish your incident response plan, reach out to us.
Ryan is a Security analyst with 10 years of combined IT experience, with the last 4 focusing on cybersecurity. Ryan’s education in Criminology and Psychology enhances his capabilities in threat hunting, forensics, and end-user awareness. When not hardening client defenses, Ryan enjoys spending time with his family, hunting, fishing, and camping.