Responding to a cyber incident is an organisation-wide exercise.
When – not if – a cyber incident happens, does your company know what to do? Only 25 per cent of international companies have an incident response plan in place, and of them only half have actually tested their plan.
– I don’t want executives to be alarmed about this; I want them to be aware of this, says Erno Doorenspleet, X-Force Command C-TOC Executive at IBM.
Doorenspleet, who has 20 years of experience, draws a comparison between cyber security today and a major event of 1999: the Y2K bug.
– Everyone was aware of the potential problem when the clocks switched to the year 2000 and worked to prepare, he says. – In contrast, today everyone knows they will have an incident, but many are not implementing best practices.
A key point Doorenspleet emphasises is that a data breach or other incident is not merely an IT or security incident and shouldn’t be treated as such.
– This involves the entire organisation, and multiple departments need to collaborate, he explains. – IT, HR, Legal, Communications… they all need to be involved, because this affects the entire organisation.
The basics of a good cyber incident plan are simple. It names who leads the response team, lays out the steps to take when an incident occurs, and identifies the resources needed to protect the company and its suppliers, partners and customers.
Yet having a good plan is only part of the picture. That plan must also be tested and refined.
– Look at firefighters, says Doorenspleet. – They train so that when the alarm bell rings everyone leaps into action. Everyone knows exactly what he or she is supposed to do. It’s like muscle memory.
If they aren’t trained, they are likely to panic and make bad decisions. The exact same thing can happen during a cyber incident, which is a stressful event for everyone involved.
– Everyone in the company should know what is going on and what is expected of them, from the CEO all the way to the new trainee, Doorenspleet says. – You don’t want chaos among your staff, so you need to communicate clearly and simply with them.
The benefits of an up-to-date and tested plan include lower incident costs, a stronger reputation and greater overall resilience of the company.
– Responding to a cyber incident is the responsibility of the entire organisation, because it affects everyone and everyone has a part to play, says Doorenspleet.