Not a week goes by where NTT Security is asked to support clients who were the unfortunate target of cyber fraud, SQL injection, DDoS or website defacement attacks. This often presents the opportunity for leadership at those organizations to learn if their incident response planning is well architected or not. Post incident review activities usually uncover some very interesting problems.
Are your problems on this list?
- You immediately realize your organization’s incident response plan is non-existent and struggle to effectively respond to an incident.
- Your incident response plan is not documented at all.
- You realize your incident response team is not trained, or does not understand today’s threats or how to respond to them.
- When under attack, do you have to convince executive leadership to allow emergency budget to mitigate the attack?
- Are you comfortable enough to stand in front of your board of directors and confidently say you did EVERYTHING you could have done to PROACTIVELY mitigate the impact of an attack?
These questions are based on what we observe on an all too frequent basis and, if you feel uncomfortable answering them with confidence, you will likely face major hurdles while responding to incidents.
The funny thing about incident response is that you do not have to wait until an incident to determine how to handle one. However, most organizations do just that.
Incident “response” is called such appropriately so. It is about efficiently and effectively responding to an incident. It should not be the time where you “test” or start to develop your incident response plan. The great thing is that you actually have the power to address these challenges. It’s all about planning and understanding the value of a pre-defined incident response plan.
The best time to do this is NOW. Don’t think about it, do it, and do it before you experience your next incident. You will be glad you did.