This happens when there's a lack of preparation, but we can all choose to take actionable steps to turn down the temperature during incident response and help others and ourselves re-frame the issue.
Those who have built trusted internal and external relationships, have planned for the tough decisions, and understand what matters most to the company will be able to effectively navigate a cybersecurity incident without it being perceived as an existential crisis.
Below, we outline steps companies can take based on this methodology.
Cybersecurity professionals in legal and IT security departments have key roles in working through a data security incident, but often fail to build up a trusted relationship in advance.
That's a pity, because when the trust each other and understand and appreciate the roles that the others will play, the response process is much smoother and mitigates risk to the company.
A focused operational tabletop exercise is one way to clarify responsibilities and to work through specific steps each group will be responsible for during an incident.
During these discussions, legal and IT security personnel can help others understand that there is a plan and can also explain the lifecycle of an incident.
Working through who from your company will be engaged and building trusted relationships with them is only one piece of the puzzle.
Companies are best placed to respond to an incident when they have also worked to build outside relationships - with law enforcement, crisis communications firms, forensic examiners, and outside legal counsel.
This also extends to making sure you have built and understand those relationships with your key suppliers, as incidents impacting your suppliers can cause significant disruptions to your company.
When an incident is in progress, it is crucial to know who is empowered to make key decisions.
The true decision makers need to know how to filter out that static and know who and what they will rely on to make the decision.
They are also well served to have partnered with legal to know how they will ensure and document that key decisions are made in good faith, based on information as known at that time and with an understanding that incident response often deals with incomplete or imperfect information.
To prepare, stay on top of current notification requirements and expectations, and understand your company's operations and the data being processed and how your company plays its part in the digital economy.
Being able to list these out as you think through them will help keep things in line when a significant incident occurs.
Familiarize yourself with your company's incident response plan and figure out if it works before an incident unfolds.
Legal and IT security departments should use the data issues that pop up every day - whether it's a misdirected email or a lost laptop - as real-life test scenarios.
These are opportunities to talk through the technical and operational steps and the knowledge gained from these will resonate in larger-scale incidents.
The provisions described above are important steps everyone can take now to bring some clarity to real-world incident response processes.
With proper planning, we can all start looking at data security incidents as manageable business risks and not existential crises.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 09 Jan 2024 06:43:04 +0000