At NTT Security, our mantra is prevention is better than cure and get the security basics right. Sadly, too many organisations remain unprepared and without a formal plan to respond to cybersecurity incidents.

Our annual Global Threat Intelligence Report (GTIR), which combines analysis of over six billion attacks, threats and trends around the world in 2015, shows that three quarters of organisations fall into the ‘unprepared’ category, leaving just a quarter capable to respond effectively to critical security incidents.

This is a real concern and could be down to a number of reasons. There is the possibility of security fatigue – too many high profile security breaches, information overload and conflicting advice – combined with the sheer pace of technology change, lack of investment and increased regulation.

Only when an organisation is prepared to respond to incidents can they hope to effectively mitigate impact. Our incident response recommendations to businesses are:

1. Prepare incident management processes and “run books”

Create guidelines describing how to declare and classify incidents, as well as develop “run books” to address how common incidents should be handled. Also remember to include a communications plan. Internal communication to staff is just as critical as external communication.

2. Evaluate your response effectiveness

Conduct regular test scenarios and post-mortem reviews to document and build upon response activities that worked well (and those needing improvement).

3. Update escalation rosters

Update documentation related to who in the organisation is involved in incident response activities. Update contact information for vendors and other partners too.

4. Prepare technical documentation

Put in place comprehensive and accurate details about the organisation’s network in order to identify impacted systems and make accurate decisions.

Finally, organisations might want to consider outsourcing incident response services to a Managed Security Services Provider (MSSP). A trusted provider can alleviate the problem of there not being enough resource in-house – taking all the time-consuming and repetitive workload away from an organisation’s IT team, leaving them to get on with managing the business.

For more findings on incident response, download our GTIR report at: