On average, mid-to-large-sized organizations invest over 10% of their IT budget in information security programs aimed at protecting their assets and, most importantly, their brand.
Gone are the days when these organizations would staff a handful of IT professionals to manage security tasks that were simply intended to keep the business running.
Information Security departments are now a complex mix of specialty groups like:
- Security architecture
- Engineering
- Identity management
- Application security
- Endpoint security
- Network security
- Email security
- Security awareness and threat intelligence
Each branch plays an important part in protecting the organization and responding when those protective measures are breached.
What does your organization need to do to protect itself?
Be Aware
For your organization to effectively combat the risks brought on by internal and external threats, you must infuse cyber security into your organizational DNA.
It begins with gaining executive leadership commitment to enable the information security program. This doesn’t simply mean committing the financial investment. Executive leaders need to embrace the fact that cyberattacks are only growing in volume and intensity.
It’s no longer if you will be attacked, it’s when and how severe. That is why, as information security professionals, it is our job to educate and prepare our leaders (both business and IT) for the potential challenges ahead.
Focus on Planning, Preparation, and Practice
Like any initiative, it is important to have a strategic plan for how to achieve your objectives. When undertaking the development of a cyber incident response program, it is equally important to understand your cyber risk profile.
This will help you identify key stakeholders early and build the program through collaborative partnerships rather than independent (and often ineffective) silos.
To learn more about cyber risk and impacts, please see our blog, Cyberattacks – The True Costs.
Once you have identified your key partners, it will be important to formalize an incident response team and plan. Historically, these teams have been referred to as Computer Security Incident Response Teams (CSIRTs) and they have been heavily focused on the initial actions taken by the Security Operations Center (SOC) to contain threats.
The increased requirements related to regulatory compliance, privacy, and legal mean it is imperative that these teams take a new path. Rather than focusing only on the technical response at the time of the event, organizations need to be prepared for all cascading risks that could be realized during and after a cyber incident. This is why it is recommended that firms develop a new response team called the Cyber Risk Incident Response Team (CR-IRT).
The CR-IRT will be a cross-functional incident response team that covers information security and IT and also includes the teams that help mitigate the other risks a cyber incident creates.
The core teams would include:
- Legal
- Privacy
- Compliance
- Communications / PR
- Human Resources
- Crisis Management
- Physical Security
- IT Security
- IT Operations
The CR-IRT will be your organization’s orchestrator for all major security incident response activities, both technical and non-technical, and it is typically chaired by the Chief Information Security Officer (CISO). Note that this team is not intended to replace the Crisis Management Team; it will act in conjunction with that team to manage major cyber security incidents.
To be effective, it is not enough to simply identify the team and assume everyone will understand their roles and responsibilities. Your organization must develop playbooks that define the actions that may need to be taken when a major cyber incident occurs, including the Who, What, When and How associated with those actions. Failure to document these actions, review them with team members, and conduct periodic exercises validating their effectiveness can lead to a delayed response that causes even further harm to your organization.
How We Can Help
At White Tuque, we believe the first step to protecting your assets is understanding your business and the associated risks. Using an advanced and risk-based approach that adapts to the evolving threat and regulatory landscape, White Tuque can become your trusted cybersecurity and resiliency partner.
To learn more about our services, please reach out to us to schedule a free initial consultation.