Everybody today is so busy with their day-to-day operations and duties that we often focus only on putting out the fires we face at any given moment. It is hard to find time to take care of “good housekeeping” items, let alone prepare for something that may never happen. Unfortunately, being the victim of a cyberattack is much more a question of “When” than “If.”
Building an incident response plan is something that every company should do immediately if they haven’t done so already. For companies that have a “Playbook” already, it is vital that you conduct exercises so the plan gets committed to “muscle memory” as much as possible.
One of the first items to define in your plan is the Incident Response Team (IRT) roster. Some members are obvious, such as information technology and security staff, as well as the appropriate management up to and including the CIO and CISO. Other, less obvious members should be General Counsel, the CFO and public relations. Network breaches are often the subject of costly civil litigation and are definitely newsworthy. It is imperative that messaging to regulators, investors, and customers is done in a timely, accurate and appropriate manner. Improper messaging can cause, and has caused, significant damage to brands and reputations.