The actions that you take during a cyberattack can affect the speed and strength of your recovery afterwards.

What happens when cybercriminals actively bombard your business defences? Or worse, when they find a way to override your security protocols and penetrate your systems? Sometimes, even the best precautions aren’t enough to impede the rogue actors lurking in the darkest corners of the internet. That’s why a detailed incident response plan is imperative. Here are five things to consider when you’re formulating your strategy…

1 | It pays to be proactive

Cyberattackers are targeting corporate digital assets – repeatedly, and with diverse tactics. No industry is immune. No business is immune. And the fallout is not purely financial: recent intelligence reports have highlighted the risk to brands, reputations, and relationships.

If you accept that a security incident is probable, if not inevitable, then you can make advance preparations to limit the damage to your business.

2 | You need the right team for the job

Your IT personnel will have critical roles to play in the midst of a cyberattack, but they won’t be the only staff members with key responsibilities. It’s important to assemble a multifaceted incident response team that includes:

  • technical professionals to analyse the problem, assess the impact on the business, implement remedial solutions, and monitor system integrity in the immediate aftermath of the attack;
  • public relations officials and spokespersons to handle internal and external communication and messaging related to the incident; and
  • lawyers to provide clarity on the legal implications of any action (or inaction) related to the incident.

The size and structure of your team should be determined by the scale and complexity of your organisation. Enterprises might need interdepartmental hierarchies of responders to co-ordinate efforts in different regions; mid-market businesses in single locations might need only a handful of specialists to address the issues at hand. Define individual roles and responsibilities so that they’re clear to all team members.

3 | The paperwork is necessary

Every second counts in a crisis scenario, so make sure that your documented incident response plan is easily accessible. Core team members should have hard copies (printed versions) stored securely. The digital master document should ideally be stored offline on a standalone machine: if the cyberattack in question is a network breach or disruption, there’s a chance you won’t be able to retrieve the digital file from a network location.

4 | Communication counts

Your response team should be ready to communicate with a wide range of stakeholders, including employees, partners, suppliers, customers, board members, investors, shareholders, competitors, and the media. Interested parties will want to know how you’re responding to the cyberattack – and they’ll expect regular, in-depth updates that address their respective concerns.

Remember to consult your legal advisors regarding any communication obligations you may have as a result of local or international law. South Africa’s POPI Act and the European Union’s GDPR, for example, are pieces of legislation that deal with data privacy.

5 | There will be lessons to learn

In triage mode, your team will be focused on problem-solving and damage control in line with the incident response plan – but a successful cyberattack should warrant a full investigation of your protocols and procedures. Plan for a review of your cybersecurity initiatives, or call in specialist consultants to put your playbook under a microscope.

This article was originally published on BUI.
