To ensure minimal business disruption, CISOs must have the right incident recovery strategies, roles, and processes in place. Security experts share tips on assembling your playbook.
When a company experiences a major IT systems outage — such as from a cybersecurity incident — it’s essentially out of business for however long the downtime lasts. That’s why having an effective incident response (IR) plan is vital.
It’s not just a matter of finding the source of an attack and containing it, though. Enterprises need to design for resilience to be able to continue operating even as key systems become unavailable.
What goes into an effective incident response plan? Here are some suggestions of essential components.
Perform impact analysis to ensure business resiliency and continuity
When a security breach brings down key systems, companies need to have a solid IT resiliency or business continuity (BC) plan in place. If the business is down for even a few hours that could lead to big financial losses and negative public relations.
0 seconds of 26 minutes, 3 secondsVolume 0%
“One of the key components of the development of a business continuity plan is to understand the essential functions your organization performs, and what the impacts would be if they were disrupted,” says Justin Kates, senior business continuity advisor for convenience store operator Wawa, who is responsible for architecting a new BC program for Wawa’s expanding footprint of more than 1,000 stores across 10 states.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source : https://www.csoonline.com/article/3829684/how-to-create-an-effective-incident-response-plan.html
Cybersecurity leaders CISOs share insight on a crucial but overlooked task after any security incident: rebuilding trust with the stakeholders that matter the most.
When incident response plans cover the aftermath, they typically focus solely on technical matters, such as root cause analysis or upgrading systems. The problem with this approach is that breaches are not only technical in nature — they can also undermine trust among various internal and external stakeholders of the business.
This loss of trust can be hard to measure, but it manifests concretely. For example, publicly traded companies may lose the enthusiasm of institutional and retail investors. Once popular organizations for tech talent may see their pipeline of applicants dry up. The morale of your cybersecurity team may wane, leading to retention issues and resignations.
In short, CISOs must prioritize rebuilding trust with stakeholders as an equal priority to any technical exercise. After all, no improvement or upgrade matters if stakeholders do not buy into your organization’s overall cybersecurity plan or execution.
Transparency across the incident lifecycle
Christopher Robinson, chief security architect of The Linux Foundation, says transparency is key to rebuilding stakeholder trust. Unfortunately, companies often take the opposite approach.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source : https://www.csoonline.com/article/3825447/how-cisos-can-rebuild-trust-after-a-security-incident.html
