Why Is It Important to Have an Incident Response Plan?
You don’t want to discover that you don’t have an Incident Response (IR) plan in the middle of a crisis. Not only will having an IR plan allow you to detect, contain and eradicate incidents more quickly, it can also help to mitigate the financial, reputational and customer losses that can occur as a result of an incident.
Controlling communications is perhaps the most difficult and important part of responding to an incident. A communications plan that lays out roles and responsibilities, including who handles any required communications, allows you to deliver a controlled message that safeguards your company.
Cyber incidents can be devastating both financially and in terms of your company’s reputation. According to Security Intelligence, in a 2021 study, the average total cost of a data breach increased by nearly 10 percent to $4.24 million — the highest ever recorded. This is even worse for our healthcare system. According to Becker Health IT, data breaches in healthcare were the most expensive by industry at $9.23 million on average; that cost increased by $2 million from last year.
Having an IR Plan is the first step to keeping your company, employees and client information safe. No matter how small or large your business is, you can be targeted. Despite every measure you put into place to avoid a data breach, if (or when) a data breach occurs, being prepared means being ready!
What Is an Incident Response Plan?
An incident response plan lays out the people, processes and technology required to respond effectively in the event of a security breach. Having the right people and procedures in place is critical for dealing with a threat swiftly and successfully. The major phases of an incident response include preparation, detection, containment, eradication and recovery, and post-incident lessons learned.
A central element of an IR Plan is a communications plan that defines who can say what to whom. It is also worth considering engaging an attorney to provide a guided approach that can leverage attorney-client privilege.
Steps to Take to Get Started
The National Institute of Standards and Technology (NIST) documents key steps for developing an IR Plan. The following are the cybersecurity incident response steps you will want to follow:
- Develop an incident response policy, plan and procedures
- Define the incident response team structure and services
- Prepare the team according to the documented procedures — acquiring necessary tools and documenting incident scenarios — and develop a detection and response process
- Develop a containment, eradication and recovery process
- Define post-incident activities
In practice, your company should start with an assessment of any current plans and available resources for incident response. An assessment of whether you have the skills and bandwidth to take on developing an IR Plan will allow you to determine the best course of action. You may consider a trusted external source for assistance. AISN is here to help and can provide a range of assistance — from working with your team to driving the development of the entire plan.
One last note. It isn’t enough to have a plan. It needs to be communicated, adopted, and practiced! Don’t forget: you wouldn’t just put locks on your house and then leave home without locking them. Being prepared means being ready! Even if you think you aren’t a target, you probably are.
Communicating with your team about a potential breach and the steps you took to eliminate the threat can help if that threat returns. Remember, protecting the organization’s data starts with an informed team.
Contact AISN to get started with an initial assessment of your organization’s vulnerability and risk.