Cyber incident response planning is quickly becoming a vital component of a strong defensible business continuity strategy. The pervasive threat of ransomware and its potential to cripple organizations large and small make it so important to have a TESTED readiness plan.
The impact a cyber incident is so much more than just the loss of assets held for ransom. Your organization’s reputation, assets, and ability to survive a cyber incident relies on tested readiness. Your customers, vendors, even your insurance company expect a tested plan. Your staff wants to know how to react with coordinated efficiency. That’s why organizations aren’t just building Disaster Plans, they are testing their cyber incident response plans. To help get this process started, we invited in SECOPS experts who help power Donoma’s FLxSecure solution to discuss best practices.
Cyber Incident Response Planning Webinar Highlights
If you don’t have the time to review the webinar, these are the key points everyone needs to know:
- Cyber security response always starts with a plan that has been reviewed within the past 12 months.
- In planning for any kind of incident or outage, rehearsal is vital. Remove any roadblocks as simple as knowing who to trust in advance.
- Speed to contain the threat is vital. You need to be full in response mode within 30 minutes.
- Remember “smooth is fastest”.
- Rehearse the operational choreography. That means engaging all relevant stakeholders and departments so that time is not lost when it is no longer a drill.
- Prepare for the human elements of fatigue, stress and overwhelm.
- The best way to find gaps is to get out into the departments and solicit feedback. (Read more in our recent blog Information Governance Best Practices to Strengthen Cyber Security)
After a review of important best practices including how the PICERL Model is a vital part of a good readiness plan, we moved into a more interactive discussion with questions from participants. Some highlights include:
What’s a brute force attack?
What’s the difference between a vulnerability & a penetration test?
How do you protect a backup from being ransomed?