HOW DO I RESPOND TO A BREACH?
It is inevitable that most businesses will suffer a breach. Knowing this, any organisation should have plans and procedures in place to effectively respond to an incident and minimise the impact on the business, its employees and clients.
The most important aspects are restoring a business to normal service operation as quickly as possible and minimising the impact on the client base and the overall reputation of the organisation. There are 3 key elements that any business needs to address to best respond to a breach.
Cyber Protection: Respond Stage
INCIDENT MANAGEMENT
When an incident has occurred, it is important to immediately engage a process to identify, respond to and manage the impact of the incident. The incident team needs to ensure that the breach is contained, its effects are mitigated, and the incident is efficiently eradicated. It is important that business operations are returned to normal as soon as possible, that any compliance requirements are upheld, and that the impact is then fully understood.
BUSINESS RECOVERY
By preparing for a breach, an organisation will have procedures in place that set recovery time objectives and recovery point objectives (identifying the priority of IT systems, how quickly they need to be back up and running, and the point of recovery), so that the business has an organised recovery plan.
It is important to assess key systems and assets and understand how well they are protected. By analysing the current incident management process and policies, it is possible to understand how effective an organisation will be in implementing continuity and crisis management procedures. Recovery and communication plans must be tailored to each organisation so that it can restore all capabilities, services, and systems as well as inform internal and external stakeholders.
It is important to review and maintain these plans on a regular basis to minimise interruption to business operations and fully protect business objectives and reputation.
BUSINESS IMPROVEMENT
If an incident does occur, it is important to use post-incident and post-exercise reviews to actively reduce the risks associated with incidents happening in the future. By identifying the origin and cause of the attack, and assessing any shortfalls in response or preventative strategies, the business can prevent the issue from reoccurring. It is important to address the root cause or to identify systemic concerns, rather than to fix a limited issue.
WHAT SERVICES SHOULD I CONSIDER AT THE RESPOND STAGE?
Know the security priorities for your organisation
Understand how you can improve your organisation's cyber readiness