Page 61 - Cyber Defense eMagazine January 2023
on their core priorities rather than having to divert attention to cybersecurity challenges, by having an
expert cybersecurity service provider at their sides.
For larger companies, layering in the experience of a service provider might serve to augment solid
existing processes, quickly filling in any gaps. Collaborating with a cybersecurity partner also provides
checks and balances on the overall system, ensuring more than one set of eyes is assessing that
system’s health.
Incident response plans
The U.S. Secret Service recently needed help with running a cyber incident response simulation for public
and private corporations.
The exercise my colleagues and I did with them highlighted the importance of having a functional
company incident response plan. At the highest of levels, this type of plan is akin to a cookbook. Setting
out to make a meal — i.e., declare a cybersecurity incident — you do not make every recipe in the
cookbook. Instead, you select the recipe appropriate to the specific meal.
A strong incident response plan defines what an incident is because this varies among organizations and
industry verticals. It also assigns roles and responsibilities, describes the incident severity according to
its business impact, defines categories and examples of common incidents, outlines an escalation
process to engage senior leadership and provides flexible instructions that act as guiding principles for
responders during an event.
Incident response plan teams should comprise decision makers and stakeholders throughout multiple
levels of an organization. Team members should have an awareness of the risks and costs associated
with disruptive events.
Proper communication
The Secret Service breach simulation illuminated a set of optimal communication steps in the wake of a
breach:
● Contact the company’s bank and law enforcement.
● Gather as much information as possible.
● Be candid with employees regarding the breach, providing the facts collected, instructing all
to change every password, sharing relevant links so employees may lock their credit and directing
them to follow up with a credit protection agency.
● Ensure information sharing among the management teams of the breached company and that
company’s cybersecurity provider, with CEOs of each contacting their respective boards as
soon as possible.
● Work with legal counsel to comply with state and international notification protocols if PII is
involved.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.