Exclusive: The secret to building robust incident response plans

In recent months, organisations have had to roll-out work from home initiatives at a rate and scale that in normal circumstances would have been considered unimaginable. These measures have helped safeguard the health and wellbeing of millions of individuals and are therefore highly commendable.

While large enterprises and especially technology companies have had the infrastructure in place to support entirely remote workforces, the situation has been very different for the vast majority of small to medium enterprises. For many of these, support for remote working has only gone so far as granting access to corporate email and other non-operational systems. The speed with which these organisations have now had to transition to the ‘new norm’ has therefore translated to security gaps being overlooked or even unintentionally introduced into corporate networks.

And while there have been truly heart-warming displays of human resolve and unity through the crisis, it hasn’t deterred hackers who have instead begun to prey on fear, misinformation and confusion. They have been quick to exploit changes in employee behaviours and the limited control that IT teams can enforce when business-critical applications and data must now be accessed from anywhere and on any device.

As a result, organisations must now contend not only with ensuring business continuity as employees move to remote working arrangements, but also with the ever-looming threat of these efforts being undermined by cyber criminals. With IT teams working remotely, the ability of their team members to collaborate seamlessly has been impacted, further exacerbating the problem. Responding to security events under such conditions can be immensely stressful as delays could potentially cripple operations that are today more dependent on IT systems than ever before.

Now more than ever, there is need for organisations to prepare for the worst and build robust, actionable incident response plans.

Building up from the basics

For organisations that have never had incident response plans in place before, the right place to start would be to begin taking into account the systems, processes and business continuity plans that are already established. In fact, given many of these will have been significantly altered in recent months, I’d recommend that even organisations that have established incident response plans conduct this exercise. Once you understand your business and its greatest dependencies, you’ll have a better idea of what you need to protect first and when, if things go wrong.

Audits are essential

Simply outlining the steps that need to be taken in case of an incident isn’t enough! After all, if you have to wait to be attacked to find out how effective your strategy really is, you might already be too late. This is where testing and fine-tuning incident response fits in as it helps ensure that your plan and its policies are relevant, effective and up to date.

While industry best practices recommend auditing IR plans on a quarterly basis, given the rapid rate at which organisational dynamics are changing as a result of the current global situation, I would advocate for far more frequent review.

Lessons learned

While most incident response plans tend to focus on the task at hand – containing and stopping the incident – it is important to remember that an effective strategy doesn’t stop there. To effectively conclude the process, it’s important to follow through with documenting the incident and the response as well as identifying any gaps and areas for improvement to further solidify your security posture.

This ‘Lessons Learned’ stage is a time to question how and why, the incident occurred and what can be done to reduce the risk of future incidents. Done correctly, this stage allows you to review information that can increase the efficiency and effectiveness of your incident response team’s overall response as well as improve your organisation’s overall security.

We’re here to help

Business continuity has been top-of-mind for organisations across the world and any effective strategy needs to include a comprehensive and well-tested incident response plan. Building such a strategy can be a daunting challenge, especially if your organisation has had to adapt rapidly to new ways of doing business. That’s where Dimension Data’s Security Consulting services can add incredible value to your business. Our cybersecurity experts are ready to help you develop your roadmap for end-to-end cyber resilience, including business continuity and disaster recovery. I encourage you to get in touch with our team today.

By Ronald Powell, Regional Solutions Manager at Dimension Data Middle East

To attend ISJ’s webinar on rethinking your approach to risk management, please visit the link here