With great power comes great responsibility – the missing link in your cybersecurity incident response plan

Written by Phil Armstrong, President & CEO, Macanthium Ventures

The maxim actually dates back at least to the French Revolution, though if you’re like most people, you probably attribute it to Spider-Man character Uncle Ben, who issued it as a solemn warning to his nephew Peter Parker. It’s also a quote often used to describe the journey experienced when you climb the corporate ladder into leadership.

Throughout my career, I have overheard conversations in the cafeteria referring to how “easy” the senior management team have it. People chuckle as they imagine executives just sitting around all day, attending meetings, barking out orders, and wearing expensive clothes. To truly understand Uncle Ben’s quote, you must experience being in a senior leadership role with direct accountability for your team’s performance and company results. As a former C-suite technology leader, I’ve had stewardship over huge, global teams and trillions of customer investment dollars – and I’ve felt the full weight of the power/responsibility combination.

Here’s an example: a number of times in my 40+ year career, I received late-night phone calls relaying a state of emergency at work with an expectation that I provide instant solutions and immediately activate crisis mitigation plans. These emergencies ranged from fires, floods, typhoons, pandemics, riots, and political uprisings to acts of sabotage and vandalism. I would not wish the feelings generated by these frantic calls on anyone.

I have also experienced cybersecurity attacks that have originated from both internal and external sources. Some were acts of malice, and some were organized by highly efficient perpetrators focused on financial gain through extortion. All carried the potential to do serious harm to my company’s assets and reputation.

With great power comes great responsibility

No one is chuckling about senior management contributions at times like these. Your staff and your management team are expecting you – as the executive in charge – to react quickly and “save” the company’s data, finances, and reputation. That’s when you understand the weight of this statement and how it applies to leadership.

A decade ago, notification of a cyber incident meant scrambling the team and executing a plan to understand, contain, mitigate, manage, and cleanse the environment. Looking back, it was all a bit loose in its execution. Today, cyber criminals are organized and armed with highly sophisticated tools and techniques. They often can operate under the radar for days or weeks without leaving obvious traces of their hacking activities. It remains a sobering fact that as an organization you can do everything right to mitigate your risks and still be breached by determined criminals. A loose approach today can be costly.

It is critical to have a well-designed and well-rehearsed incident response plan: you don’t want to be figuring things out on the fly during a crisis. Small and medium-sized companies are the most vulnerable as they don’t have the resources that larger companies can dedicate to defending themselves against today’s criminals. This explains why they are increasingly frequent targets for extortion and ransomware, attacks that result in genuine threats to a company’s customer privacy, brand reputation, and financial viability. For some organizations, cyber insurance is an option to help backstop the damage done by a cyber attack. But all companies must plan and prepare.

During the early stages of an attempted or recently discovered breach, you quickly organize your activities to seek to understand what happened. You assemble a dedicated team to find answers quickly. A communication workstream is established to provide real-time information to management, the board, regulators, your cyber insurance provider, and anyone else that needs to know. You will be expected to determine:

– How did the hackers get in?

– Are they still inside and active?

– What did they extract?

– Are we considering paying the ransom?

These questions become increasingly pointed as time ticks by. Without a structured and well-rehearsed incident response plan – one that clearly assigns responsibilities, defines corporate positions, identifies a communication plan, and activates response scenarios and teams – a cyber incident runs the risk of descending into a panic-fuelled, reactionary mess.

From my observations, the in-house response team will inevitably become overwhelmed; they will be faced with long hours, high amounts of stress, and compressed timelines that contribute to mistakes, lost opportunities, insufficient sampling, and poor decisions. For many companies faced with this situation, paying the ransom is the only choice left.

Having a highly trained cybersecurity incident response team on standby, ready to jump in and assist when things get rough, is always a smart move. Having an incident plan is a must, but being able to fully execute it in times of extreme distress is equally important. There is comfort in knowing that, with one phone call, a team of experts is available to augment your internal staff to analyze, assess, mitigate, and defend against the dangers presented.

ISA Cybersecurity has a fantastic retainer service that I’ve used in the past to provide that peace of mind. It can be part of your cybersecurity defense and response strategy too. ISA Cybersecurity can help you design and document your incident response plan, and they can provide a highly trained incident response team that is ready and waiting, 24x7x365. Imagine having experienced personnel who can direct the workstreams under pressure, assign a commander to run the incident, and bring tools, expertise, and practiced calm to help you manage an event.

BONUS! If you don’t suffer a breach and never place a call for assistance, your incident retainer investment isn’t wasted. When you renew for another year, the retainer hours you purchased can be converted into other ISA Cybersecurity professional services. Perhaps you need to improve your incident response plan? Do you need help in running tabletop exercises that familiarize executives and your team with your plan? Do you need an intrusion test? Any of these services and more are available according to your priorities. Your investment is protected – and the nagging feeling of paying for something you didn’t use is gone.

When you want to have a CIRT team waiting in the wings to mitigate the fact that your internal team will be overwhelmed – and maximize the value returned from your spend – then this innovative service is definitely worth a closer look. I love products and services that provide value and solve multiple problems. ISA Cybersecurity has created an innovative retainer service that provides value even when you are not using it.

For any size of organization, I encourage you to contact ISA Cybersecurity to learn more. You have the power – and the responsibility.


Phil Armstrong is a Strategic Advisor for ISA Cybersecurity.
