5 fundamentals for an effective incident response programme
23 October 2020
Coronavirus has brought into sharp focus the importance of organisational resilience and preparedness for all organisations. Uncertainty about the scope and duration of the pandemic has underlined why it’s essential to have an effective cyber security incident response programme in place.
Recent research by the Ministry of Housing, Communities and Local Government found that UK local authorities face 37 cybersecurity breaches every minute. Cybersecurity incident response plans should be at the forefront of all organisational leaders’ minds.
For cyber security awareness month, this is an important topic to look at.
There are five simple things you can do to improve the effectiveness of your current incident response programme. More information on each is below the infographic.
1. Understand your current readiness
Few organisations fully understand their current level of preparedness to respond to a cybersecurity incident. Although you should maintain realistic expectations, your organisation can improve its preparedness by reviewing the following areas and identifying what you may already have in place:
- Mapping: Do you have accessible, recently updated data and network topologies, staff contact details, asset registers or event logs available? Have business restoration priorities been identified and have the interdependencies between business processes, supporting systems and external suppliers been considered?
- People: Have you developed an inter-departmental incident response team with sufficient delegated authority? If your team does not have the technical skills needed, do you have arrangements with trusted third parties to provide support? Are staff adequately trained?
- Planning: Are your standard response plans clear, exercised and specific to your facilities, community and environment? Do they distinguish between threat levels and the necessary responses? Are there provisions included for handling visitors, who will not be trained in your organisation’s methods?
2. Update, update, update
A very common issue is that organisations hold outdated response plans. Setting an update schedule and log is a simple but effective way to make sure your plans keep pace with your organisation.
3. Take a holistic approach
Responsibility for organisational resilience to cybersecurity threats doesn’t end with the IT department. Often we think of business continuity or incident management as a one-size-fits-all response to any event.
Effective organisations recognise that business continuity management is only one part of the larger organisation’s overall resilience programme. It incorporates risk, supply chain, communications, health and safety, and crisis management. Communication and engagement from across the organisation are essential, from planning to resolving incidents.
4. Bounce forward, not back
Traditionally, incident response programmes have been seen as a protective discipline solely intent on restoring the business to prior functionality. A more effective incident response programme recognises the volatility of the organisation’s risk landscape and focuses on helping the organisation adapt to changed situations and a ‘new normal’ rather than attempting to prevent them entirely.
In this way, incident response can add value to the organisation and seek solutions that develop the organisation.
In a crisis, less time generally equals a better outcome. An effective incident response plan specifies the time needed to complete each task. All elements of your incident response programme should be specifically reviewed for timing, feasibility of completion and opportunities to speed up each stage without compromising quality.