What is incident response planning?
An incident response plan provides a risk mitigation roadmap that leads an organisation through the recovery process after a breach has occurred.
Attacks on company systems happen constantly. We live in the era of “continuous compromise”. It’s good practice to assume that a breach is going to happen at any moment. Identifying and responding to an attack needs the right team, the right tools, and the right methodology, all available at the right time.
- How will you identify that a breach is happening?
- Who will be responsible for managing communication?
- Who will be responsible for getting everything back online?
- Who will test the malware and test its capabilities?
Having a well-reasoned, technically sound and implementable IRP prepares a business, no matter how large or small, to deal with the unexpected. Successful attack mitigation stems from a solid and tested plan.
Why you need an incident response plan
- It’s a legal requirement. The GDPR, DPA (2018), PCI-DSS and NIS Regulations stipulate the need for an Incident Response Plan. Failure to have one can lead to a fine by the ICO, an investigation by law enforcement or a civil lawsuit.
- The financial costs of a breach can be catastrophic. The aftermath of an attack can be hard to recover from and can lead to days and weeks of downtime and loss of productivity.
- Handling a breach badly can adversely affect reputation, customer relationships and future business.
It’s imperative that you take proactive security measures by having an incident response plan and tested procedures in place before attacks happen. In these times of social media, you need to be in a position to answer the difficult questions quickly and effectively, not scrambling to answer on the fly.