Remote working has been a significant societal and technology trend for the last decade, but it has been almost fully established by rushed necessity as a result of COVID-19. Whilst remote working offers significant benefits in terms of flexibility, productivity and business continuity, the rush to establish the service, and the criticality of the services and infrastructure upon which it depends, mean that organisations need a comprehensive incident response plan to protect the service, its users, customers and the organisation from any security incidents that might occur.
What is an incident response plan?
An incident response plan is a systemic, documented, communicated and ideally rehearsed approach to prepare for, detect, contain and recover from suspected information or cyber security breaches.
Incident response is a system and process that requires continuous application and needs sustainable practices in order to be continuously effective. From Ward Solutions' 20 years' experience helping organisations manage their information risk, these are the top 5 tips that help us help our clients to sustain their incident response programs.
So what are the top 5 tips to sustain your incident response capabilities?
1. Invest in regular Incident Response Skills and Support training – building and retaining the muscle memory of incident management for the organisation is very important to the success of your incident response program. The muscle memory of skilled, confident incident investigation and handling is the difference between a slick process with good outcomes and a chaotic process with poor outcomes. A tiered and blended approach to training is required, appropriate to the different incident response roles. Technical roles may require training and support in the use of existing or the latest tools and technologies to investigate and manage the technical part of incidents. Business roles may require compliance, legal and procedural training on the best practices, organisational plans, procedures and legal/compliance/contractual obligations during the different phases of an incident. Ideally, all teams rehearse or simulate incident response regularly, both individually and collectively, including inter- and intra-organisation and public/media communications.
2. Invest in up-to-date and integrated threat intelligence
3. Automate incident prevention and response where possible – given the scale and complexity of the data, processes, potential stakeholders and actors in an incident, technologies and services such as security orchestration, automation, response and artificial intelligence have the potential to greatly assist in incident prevention, detection, analysis, response and recovery. However, these technologies only become effective in assisting incident management and response when an organisation's fundamental incident management and response plan, and its people and organisational capabilities, are comprehensive and robust in their own right.
4. Maintain Executive support and interest – active, ongoing executive support and interest is key to effective incident management. Executives are not only key actors in the incident management process, and thus need to be skilled in it; they are also leaders, sponsors and advocates for incident prevention, detection and management within their functions. As budget and resource holders, they are also key to providing the time, personnel and financial resources to sustain the program. Remind your executives in subtle ways that they are the key beneficiaries of effective incident response, in that organisational revenue, brand, profits, share price, their liberty and bonuses are protected through effective incident response. Their ongoing interest needs to be nurtured through active engagement, reporting and communication of the incident management and response program. Communicate the occurrence of relevant incidents and their outcomes. Don’t forget to deliver the good news as well – prevention or substantial mitigation of incidents. As always, tailor the communications to the appropriate levels, format and frequency for your audiences.
5. Operate continuous improvement – find opportunities to implement a mindset of continuous improvement. Perform regular assessments of your risks, threats, likelihood of occurrence and impacts. Perform regular audits of your processes and controls. Perform after-action reviews of incidents, big and small, as well as near misses. Update your incident management processes, procedures, controls, tools, skills etc. as appropriate. Effective incident management and response is a continuous journey, not a once-off destination.