It typically goes something like this:
You’re preparing to leave the office on a cool Tuesday afternoon when your phone rings. It’s your IT guy. You can hear the worry laced in his voice from the moment he kicks it off with a nervous cough. He has been locked out of the system and is wondering whether you authorized the change and terminated his role.
You tell him no - surprised - and hear him frantically typing as you wait. Your accounting rep knocks quietly and enters your office. They are locked out of the invoicing system.
Murmurs from the workplace begin to filter into your office. Disjointed, unintelligible words swarm in at first, until you piece them together.
"Can’t access the client’s order records."
"Can’t log in."
"What’s going on?"
“Well, that’s what I intend to find out,” you mutter to yourself.
Your IT guy tells you to come to see something for yourself. You wander through a bewildered hall into the IT office.
Your servers have been hit by ransomware - a troublesome kind too, the kind that encrypts each file with a unique key. While you ponder how this happened in the first place, you see a message on the screen directing you to make payment in Bitcoin to a wallet or risk your data being published on the net, not to mention never being able to access it again.
This is but a cautionary tale of how things could go awry in a matter of minutes.
At that moment, what actions do you take? What about the rest of your team? And what do you tell your clients and partners in the morning?
Data is one of the most valuable assets in today’s digitized world. But not enough attention is being paid to protecting such data and to planning how to respond to cyber incidents.
Last year alone, $6 trillion was lost to cyberattacks globally. The number is mind-boggling. And midsize companies make up 70% of this statistic, facing a perfect storm of circumstances that led 1 in 5 such businesses to experience a damaging cyber incident in 2021.
The fascinating thing about data breaches is that it is not a matter of whether one is going to happen. It’s a simple matter of when it will. It seems that no matter how well you protect your business, well-funded cybercrime organizations constantly outdo themselves to access the 'crown jewels', whether that's Personally Identifiable Information (PII), Protected Health Information (PHI), trade secrets, or something else. It's a business, and it pays very well.
Staying on top of the situation when the threat materializes and knowing exactly what to do is often the difference between an incident and a disaster. That's precisely what a Cyber Incident Response Program is for.
What Is a Cyber Incident Response Program?
A Cyber Incident Response Program is a combination of a proactive risk management strategy, training and preparation, and actual controls aimed at helping the organization respond to a cyber attack as efficiently as possible - on all levels, be it executive, IT, legal, HR, external partners, or even public relations.
Arguably, the key component of a decent Cyber Incident Response Program is a Cyber Incident Response Plan (or IR plan) - a specialized set of procedures or instructions to aid the business in detecting, responding to, and bouncing back from cyber attacks.
Even a basic IR plan centered around specific attack scenarios such as ransomware, DDoS, phishing, or even insider threats, can make a huge difference when the crisis strikes.
A more comprehensive cyber IR plan would also include incident identification guidelines, detailed roles and responsibilities of each Cyber Incident Response Team (CIRT) member, escalation procedures, fulfillment of specific regulatory obligations (as required by regulatory and compliance bodies such as PCI DSS, SOX, HIPAA, FFIEC, and more), Do's and Don'ts for every step of the process, report templates, useful tools, and much more.
Do You Really Need a Cyber Incident Response Program for Your Business?
First of all, yes. The role of Incident Response planning in businesses cannot be downplayed. It is key that every business, small or large, has an effective incident response process in place. Why?
Regulatory bodies obligate you to. Governmental and compliance agencies want your business to reduce risks resulting from a cyber attack. Thus, they require you to have a highly comprehensive cyber incident response plan in place and ready to implement. For instance, the Payment Card Industry Data Security Standard (PCI DSS) Requirement 12.10 tasks businesses with ‘implementing an incident response plan’ to be sufficiently prepared to respond to a key system breach.
The impact of a breach will rise without it. Without a cyber incident response plan to put into action in the event of a breach, your business might suffer an irreparable loss (especially if the business is relatively small). A comprehensive IR plan helps you not only to avoid a breach, but also to reduce the damage if one does occur.
Your shareholders and customers want to feel safe. Data breaches aren’t a pretty sight, especially if sensitive personal or financial information is now in the wrong hands, used for fraud, impersonation, and identity theft. Your business partners, shareholders, customers, and vendors want to feel safe. Thus, if they’re aware that your business has an actionable IR plan, loyalty comes naturally.