Preparing Your People & Your Budget is the Key to Incident Response
Are you ready for the worst to happen? In the hectic jumble of multiple emergencies and disaster events of 2021, many businesses realized that they weren’t quite as ready as they thought for emergency operations or cybersecurity incident response – and that’s a problem. By making, implementing, practicing and following a carefully crafted cybersecurity incident response plan, making sure that they have the right people in place to execute it and taking the cost of an incident into account when budgeting cash, companies can not only stop the damage and begin recovery from a cyberattack in a strong position to survive the blow.
This post is adapted in part from our NEW Creating an Incident Response Playbook. DOWNLOAD IT NOW>>
Prepare Your People
Cyberattacks are expensive in more ways than you might expect. You’re not just paying for immediate damage and repair like other damaging disasters. You’re also contending with loss of business costs, lost productivity, bad publicity, added payroll hours, new security tools, investigators, regulatory experts, penalties, legal costs, ransoms (if you choose to pay them) and many other factors that drive up costs while you struggle to repair your business and get it back on its feet. In addition, only about half of businesses have a cybersecurity incident response plan ready to swing into action in the event of a cyberattack, and that can lead to longer remediation times and wasted money.
Creating Your Incident Response Team
One of the first and most important steps in creating an incident response plan for something like a business email compromise (BEC) attack or whaling attack is putting together the team that will carry it out. One common structure that experts recommend is to establish a Computer Security Incident Response Team (CSIRT). This team includes everyone that will need to be contacted or take action in the event of a cybersecurity incident like a ransomware attack.
Your CSIRT team isn’t just the people in IT; it’s everyone in your organization who needs to be involved, from your IT teams to your communications shop, because this team will also handle aspects of incident response in other departments, such as dealing with legal issues or communicating with the press. Think of these roles as mini departments.
When you compile your team, you will need to look at the following roles and assign people to fill them:
- Management
2. Technical lead
3. Legal support
4. Communications
5. Interface to the security committee
6. Security officer
Source: Science Direct
Your CSRIT team is who gets called when the worst happens. Each of these folks needs to be ready to act and empowered to make the decisions necessary to mitigate the damage. It may be helpful to create a decision matrix for your team to use so that everything runs smoothly when you’re in the trenches.
The components of that decision matrix should include:
1. Owner: makes the decisions and owns the process
2. Helpers: team members who help out on a process
3. Advisors: team members who advise on a process
4. Implementers: the person or persons doing the work
5. Updaters: part of the team that is updated with the status and actions from other team members
By creating a team ahead of time, you’re taking the initial mad scramble of an emergency out of the equation, enabling your IT team and your business to benefit from a calmer, more efficient process, and that will definitely benefit your business.
See how ransomware rocks businesses in The Ransomware Road to Ruin. DOWNLOAD IT NOW>>
Prepare Your Budget
Are you ready to face the costs associated with a cybersecurity incident and an incident response cycle? Costs are constantly escalating as are cybercrime rates. Smart businesses have money built into the budget or set aside to handle a cyberattack emergency. However, far too many businesses do not – 85% of companies do not have money in reserve for a cyberattack, and 25% of business executives still don’t understand that a cyberattack costs money at all.
Unfortunately, a cyberattack is a money pit for businesses.
- According to a 2021 report from IBM and the Ponemon Institute, the average cost of a data breach among companies surveyed reached $4.24 million per incident in 2021, the highest in 17 years.
- Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 vs. $3.89 million.)
- Health-care breaches cost the most by far, at $9.23 million per incident — a $2 million increase over the previous year.
- An estimated 60% of businesses shuttered within six months of experiencing a cyberattack.
- Around 61% of the cost of a data breach is paid in the first year after impact, an estimated 24 percent comes due in the next 12 to 24 months, and the bills for the final 15 percent can arrive more than two years later.
See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>
Creating an Incident Response Plan Saves Money Even if You Never Use It
The adoption of AI, security analytics and encryption were the top-three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools. For cloud-based data breaches studied, organizations that had implemented a hybrid cloud approach had lower data breach costs ($3.61 million) than those who had a primarily public cloud ($4.8 million) or primarily private cloud approach ($4.55 million).
Just creating and drilling an incident response plan includes some amazing benefits for your business. Like a sharp reduction in the number of security incidents that a prepared business faces overall. IBM researchers determined that 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan. That’s an impressive reduction in risk just from being prepared. If you do have an incident, just having an incident response plan will also save you money. In Ponemon Institute’s “Cost of a Data Breach Report”, researchers determined that having a tested incident response plan can save 35% of the cost of an incident.
Researchers have been banging the drum about the benefits of creating a formal incident response plan for years but the message does not seem to be getting through. For the second year in a row, only 26% of respondents in this year’s IBM Cyber Resilient Organizations Study reported that their organizations have formal cybersecurity incident response plans that are applied consistently across the entire enterprise. Even with all of the attention that it grabs, only 51% of that tiny fraction of companies reported that their organizations had a specific response plan for ransomware. When specific scenario plans do exist, the top types of attacks for which organizations have response plans for are distributed denial service or DDS (65%), malware (57%) and phishing (51%) incidents.
Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>
Graphus Prevents Phishing Attacks from Becoming Phishing Disasters
Phishing is the most likely way for a cyberattack to strike your business. That means it is critical that you establish a smart defense against phishing to reduce your organization’s chance of getting walloped by a cyberattack.
Automated, AI-powered email security from Graphus is the ideal choice to combat the flood of dangerous phishing email heading for your organization. Automated email security with a solution like Graphus stops 40% more phishing messages from reaching an employee inbox than conventional security or a SEG. How? By putting three powerful shields between your employees and a phishing email.
- TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.
- EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.
- Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.