Page 61 - Cyber Defense eMagazine January 2023
P. 61

on their core priorities rather than having to divert attention to cybersecurity challenges, by having an
            expert cybersecurity service provider at their sides.

            For larger companies, layering in the experience of a service provider might serve to augment solid
            existing processes, quickly filling in any gaps. Collaborating with a cybersecurity partner also provides
            checks  and  balances  on  the  overall  system,  ensuring  more  than  one  set  of  eyes  is  assessing  that
            system’s health.




            Incident response plans

            The U.S. Secret Service recently needed help with running a cyber incident response simulation for public
            and private corporations.


            The  exercise  my  colleagues  and  I  did  with  them  highlighted  the  importance  of  having  a  functional
            company incident response plan. At the highest of levels, this type of plan is akin to a cookbook. Setting
            out to make a meal — i.e., declare a cybersecurity incident — you do not make every recipe in the
            cookbook. Instead, you select the recipe appropriate to the specific meal.

            A strong incident response plan defines what an incident is because this varies among organizations and
            industry verticals. It also assigns roles and responsibilities, describes the incident severity according to
            its  business  impact,  defines  categories  and  examples  of  common  incidents,  outlines  an  escalation
            process to engage senior leadership and provides flexible instructions that act as guiding principles for
            responders during an event.

            Incident response plan teams should comprise decision makers and stakeholders throughout multiple
            levels of an organization. Team members should have an awareness of the risks and costs associated
            with disruptive events.



            Proper communication

            The Secret Service breach simulation illuminated a set of optimal communication steps in the wake of a
            breach:


                   ●  Contact the company’s bank and law enforcement.
                   ●  Gather as much information as possible.
                   ●  Be candid with employees regarding the breach, providing the facts collected, instructing all
                       to change every password, share relevant links so employees may lock their credit and direct
                       them to follow up with a credit protection agency.
                   ●  Ensure information sharing among the management teams of the breached company and that
                       company’s cybersecurity provider, with CEOs of each contacting their respective boards as
                       soon as possible.
                   ●  Work with legal counsel to comply with state and international notification protocols if PII is
                       involved.




            Cyber Defense eMagazine – January 2023 Edition                                                                                                                                                                                                       61
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   56   57   58   59   60   61   62   63   64   65   66