The new normal: a massive data breach impacts hundreds of thousands of people, a denial-of-service campaign disrupts operations, a ransomware attack locks up systems. In today’s climate of cyber threats, it’s only a matter of when — not if — organizations face an attack and must deal with the consequences.

Preparation and response to those attacks determines their impact. Whether it be a lost laptop or a massive data breach, organizations of every industry must implement robust strategies that ensure a proactive approach to every level of security. Below is an overview of basic strategies that yield successful results.

Build an Effective Team

Developing a triage team that spans the organization, and covers all the critical areas, isn’t optional. The first line of defense in any cyber incident must include representatives of the following:

  • Cyber security incident response team
  • Forensic and cyber analysts
  • General counsel
  • Audit & risk management
  • Human resources
  • Public relations

Outside of these roles, review other parties that may have a vested interest due to funding, staff, etc., and include them as part of your second line of defense (if the incident needs to be escalated to a higher level). During an incident, there needs to be a central point of contact that will disseminate and receive information. This usually falls in line with the security incident response manager or general counsel, given that the information is confidential and may require attorney/client privilege.

Create a Roles & Responsibilities Matrix

Most organizations task someone with creating and maintaining cyber incident response plans. They should also ensure that security incidents are formally delegated by creating a responsibility assignment matrix, or RACI matrix. RACI stands for the four major responsibility types: Responsible, Accountable, Consulted, and Informed.

  • Responsible: those who perform the work on the task.
  • Accountable: those who approve and sign off on the work.
  • Consulted: those whose opinions are sought, such as subject matter experts.
  • Informed: those with up to date information on the progress.

The best way to create the RACI matrix is to review high level categories such as plan governance, internal and external communications, and full remediation.

Simulate Drills

Once roles and responsibilities are defined, the next step is putting them into action. Practicing the response plan is a great way to get teams and executives involved in a simulated environment. Regularly testing potential security incidents, such a ransomware attack, helps refresh teams on their roles and responsibilities, and gives you an opportunity to update processes.

Remember, practice makes perfect! The overall goal of this exercise is to build muscle memory and make incident response second nature. That way, when incidents occur, no one is left guessing and you achieve remediation in a timely manner.

Respond Efficiently

How you respond to incidents could be the difference between a minor event and a major security breach. To create an efficient and effective response, limit communications to only those on a need-to-know basis while sharing the details of the incident. Ensure that these sensitive communications are done via a secure line or in person since an attacker may have access to internal communication systems (such as email or instant messenger platforms).

In the meantime, the cyber security operations team should triage and prevent the incident from spreading any further. General counsel will need to work with PR on preparing communication to inform impacted parties and other stakeholders of the incident. Audit and risk management teams should run assessments on the impact, and involve human resources if it pertains to an employee. Altogether, an efficient response involves multiple moving parts working in sync (which requires practice!).

Moving Forward

Incidents happen. Preventing them from happening again requires a full review. How did this occur? Could it have been prevented? What are the chances of it happening again? Your investigation of an incident may leave you with more questions than answers, but proper assessment is key so you can accurately reinforce your security to prevent future compromises.

The Security Awareness Company works with you 1-on-1 to implement cyber awareness & compliance programs. With a greater than 95% client retention rate, we’re experts at creating human firewalls out of end-users! Get started here.

Andrew Egan

Andrew has held various roles within cyber security for the past decade — including compliance analyst at a major West Coast organization — and has an extensive background in implementing security awareness and phishing programs. He is best known for increasing adoption rates by using creative tactics to personalize security for his target audience.