Cyber Threat Report

Cyber Incident Preparedness

As technology continues to advance, so does the threat of cyber-attacks on organizations. According to recent reports from the University of North Georgia, only 38% of global organizations claim they are prepared to handle a sophisticated cyber-attack.

Preparedness helps organizations effectively manage and mitigate the operational, legal, and reputational consequences of an event. In this article, we will take a look at some of the major steps your organization should take to protect its network and personal data.

Before a Cyber Attack or Intrusion

Even with the support of IT, quality security applications, and advanced hardware, a lack of security compliance or a breach in one's network can create massive problems for an organization. Given today’s threat landscape, regularly scheduled security awareness training should occur for everyone in your organization, including your senior management team.

It is recommended that when preparing for a potential cyber attack your organization reviews and adopts industry-recognized best risk management practices along with guidance, such as the National Institute of Standards and Technology Cybersecurity 800-53 Framework.

Identifying mission-critical data and assets is key. Ask yourself, “What is the most essential information we need/use?” Once identified, instituting tiered security measures to appropriately protect those assets is crucial.

Create an Actionable Incident Response Plan

With security challenges advancing, it is important for businesses to have an Incident Response Plan (IRP) in place. Alongside this, organizations should also strategize their next steps when reporting any attack to their local authorities. Creating an actionable IRP and having one in place for your organization will prove helpful down the line should there be an incident.

It is important to test the plan by conducting a tabletop exercise every six months to ensure viability. Keeping the plan up to date to properly reflect the consistent changes in personnel and the organization’s infrastructure is pivotal. Along with an actionable IRP, organizations should:

  • Have appropriate, regularly tested technology in place that will be used to address an incident and the subsequent return to operations.
  • Institute basic cybersecurity procedures, such as a patch management program and 30-day log retention.
  • Make an initial assessment of the scope and nature of the incident, particularly whether it is a malicious act or a technological glitch.
  • Align policies (e.g., human resources and personnel policies) with the incident response plan that your team has mapped out to help minimize ongoing damage.

Reporting Cyber Incidents and Notifying Essential Stakeholders

Before a threat occurs, organizations are encouraged to develop a relationship with local and relevant state/federal law enforcement along with other agencies–outside counsel, public relations firms, and investigative and cybersecurity firms–that your team may need. Ensuring that your legal counsel is familiar with legal issues associated with cyber incidents is also important.

Collecting and preserving data related to the incident(s)–keeping logs, notes, and other recorded data–is necessary when integrating an IRP into your organization’s operational readiness. With the appropriate collection of reported information, management and personnel within the organization can readily be acquainted with the ongoing situation.

Along with your internal team and local and state law enforcement, the Department of Homeland Security should be notified. Possible victims should be notified when appropriate and under individual state, federal, and other notification mandates.

After Recovering from a Cyber Attack or Intrusion

In the aftermath of an actual cyber event, most organizations will take a hit in their operational capabilities, revenue, and overall reputation. 

Organizations should also consider updating or replacing their systems with next-gen technology to help prevent future possible attacks from becoming successful attacks. Your team should monitor the network for any anomalous activities. Lastly, conducting a post-incident review is a must to identify any signs of deficiencies in planning and executing your IRP.

Contact Janus Associates 

In our 30+ years of continuous operation, JANUS has serviced hundreds of clients across all sectors, offering best-in-class, affordable solutions. To find out more about our vCISO services, speak with a JANUS professional today.

Contact Chris Kniffin, Corporate Director, to find out how a team of affordable professionals can help you secure your organization and meet your regulatory compliance goals.