
Avoiding Incident Response Plan Disasters

Posted 15th November 2023

Be Prepared With Perfect Planning 

Occasionally, those old adages that we hear so often, and tend to ignore, turn out to be incredibly appropriate when running a modern organisation supported by digital technology. In a hyper-connected business world with increasingly sophisticated cyber threats emerging on a constant basis, failure to prepare for an incident will mean that you’re preparing to fail.

Creating, developing and maintaining a clear, measured and comprehensive Incident Response plan across your entire business is absolutely essential. Without it, you are vulnerable to the chaos of cyber threats that can cripple your organisation in terms of productivity, reputation and ultimately your ability to operate.

The Devil is in The Detail

Your Incident Response plan has to be more than just a vague set of instructions written by an IT team. It needs to be created as a culturally important document shared, accessible and understood at every single level, and by every team member, at your company. There are a number of frameworks to follow for a successful plan that are all built around the implementation of four basic steps:

  1.   Preparation
  2.   Detection & Analysis
  3.   Containment, Eradication & Recovery
  4.   Post Incident Activity & Lesson Learning

Working to this structure will allow for a good foundation draft of your plan. However, it’s just as important to know what the most common pitfalls are in order to learn from them and avoid any unnecessary, and costly, mistakes.

The Top Five Incident Response Plan Mistakes

BCN is always on hand to make sure your cyber security is extraordinarily resilient and fit for purpose. Let’s take a look through five ways to help you dodge a bullet in your Incident Response plan.

1. Business Continuity is Key

Your IR plan has to be consciously and completely integrated with a broader business continuity and disaster recovery strategy. If your preparation does not include a full understanding of how your incident response will have an impact on your ability to stay operational, then chaos may be just around the corner. Everything, and everybody, has to be on the same page for seamless working to continue during and after an incident. This means that the responsibility is on everybody to know their roles and act accordingly if and when an incident occurs. Ultimately, all stakeholders are involved, not just IT staff. From board level to Finance & HR, Sales & Marketing to any third-party contractors with access to your network, all must understand the best way to keep working safely and productively in any scenario.

2. Review. Review. Review.

The landscape of potential cyber threats and bad actors is moving and evolving at such a rapid pace that certain accepted protocols can become obsolete and potentially dangerous very quickly. The only way to combat this is to keep your Incident Response plan running at a similar pace through regular reviews that are informed by any new information, changes in secure environment procedures or vulnerabilities in technology and applications. Without thorough periodic reviews you may be relying on a static, outdated, and inflexible response that leaves you open to new or maturing risks to your security posture. BCN recommends that annual reviews and updates are the minimum requirement. These should ideally be led by an experienced managed service provider in collaboration with an Incident Response team within your company that will remain vigilant and informed all year round. This way everything can also be tested at regular intervals in simulated attack scenarios to see how well the response plan performs. 

3. Security in Scalability

The majority of organisations have a good understanding of how they want to grow year on year, developing their products and services and increasing their productivity with associated rises in recruitment and/or locations. Make sure that your incident response plan is always moving in the same direction as your business goals. For example, it may be that you have to respond to regulatory obligations for your industry once you reach a certain size or turnover. If your plan doesn’t recognise this with the relevant protocol, then you may be exposed to damaging legal penalties too. Similarly, your Incident Response plan must show an evolving knowledge of all scales of threat to comfortably handle minor breaches in the same effective way as the business-critical major threats. Incidents of any size can have huge impacts on reputations and industry longevity.

4. Prioritise Critical Assets

A complete and in-depth knowledge of your entire network is perhaps the most important information required for a successful Incident Response plan. A common mistake we often see is boilerplate or generic plans being applied without the correct tailoring or concessions for specific hardware or infrastructure. The truth is that a bespoke plan is always the recommended route to ensure that critical assets are recognised and given the correct attention as protected priorities. Identifying your vulnerabilities and the potential impact on these critical assets will allow efforts to be concentrated in the right way if a threat is realised. This should limit any catastrophes and encourage the most rapid response from resources for effective containment, eradication & recovery.

5. Clear Communication Prevents Panic

Being able to do the simple things well in the event of a security breach or cyber security incident is vital. As with most aspects of IT services, an incident response plan is only as good as the people that will be carrying it out. Without the proper training, using the right information assets, through clear communication protocols, there is always the risk of panic setting in and derailing any response. Misinformation and confusion will delay any resolution and play directly into the hands of the attackers. You must guarantee that procedures and responsibilities are well defined, documented and drilled into every team and every role. A failover channel for communications outside of your network, such as an Incident Response WhatsApp group, is a simple way of sharing information at crucial times. Be clear. Be specific. Be understood.

Get Planning Straight Away With BCN

The frequency of cyber attacks on every network is growing at a genuinely alarming rate. It really is a case of when your organisation will be attacked, not if. A thorough and bespoke Incident Response plan is the foundation of all of your security and the key to minimising any impact from these threats. It’s your most important security tool that requires high levels of knowledge, experience and dedication to make sure it’s constantly fit for purpose and always ready to be rolled out.

BCN is always here to share that responsibility and alleviate any anxieties that may accompany this seemingly daunting task. With over a decade of experience in Incident Response planning, we can guide you through the best options open to you in the most professional way through the highest levels of customer service.

Speak to our team to begin your security journey

Contact Us