IT incident response planning helps you recover more quickly from network security events. Discover three tips for starting your response planning efforts correctly.
By 2021, cyberattacks will drive an estimated $6 trillion in total losses and costs. And businesses that believe their processes or training make them immune should think again: The 2019 Official Annual Cybercrime Report notes that every 14 seconds, a business is hit with a ransomware attack. It’s not a question of whether an organization faces network security or other IT incidents; it’s a question of when. Strong IT incident response planning ensures businesses of all sizes are able to weather those storms.
Incident response planning is the act of creating a procedure for technical staff to follow in the event of a security event or other incident that impacts the network. Common events that might trigger incident response plans include service outages that impact the business, loss of data, cybercrime or even natural disasters.
The response plan is the glue that holds IT processes together when normal resources and communication channels might not be an option. As such, it must be comprehensive, up-to-date, detailed and realistic. Some organizations make the mistake of assuming staff — both business and IT — will know what to do on a small scale, and their IT incident response plans subsequently become a high-level list of goals for recovery. It’s not enough simply to list aspirations for the desired state during and after recovery, though; organizations must create road maps that let them get there.
The three dos and don’ts below help enterprises get started on creating those road maps.
1. Do include a variety of SMEs on the planning team.
While the tech team may be responsible for carrying out IT responses to incidents, those responses serve the business and its customers. It’s critical to include subject matter experts from across the business so they can provide feedback about what their biggest needs would be following an incident. If IT can’t recover all data and functionality simultaneously, business owners must help prioritize the order of recovery to minimize the impact on downline workflows and customers.
2. Don’t make assumptions about what threats might be.
It’s tempting to create a plan based on preconceived notions about threats and their potential impact on the business. But blindly writing IT incident response plans puts organizations at risk of missing important potential threats or misconstruing how those threats might impact the business. Without preliminary auditing, IT staff might even plan a huge response to what is more an annoyance than a threat (which wastes time and resources) while planning no response to an actual overlooked threat.
Begin the process of planning by:
3. Do include a communication plan.
While the meat of any IT response plan includes detailed documents defining actions to take in the wake of an event, organizations must also include a communication plan. That plan should cover who within the technical departments is responsible for launching the plan, how communication about the plan processes will flow and when and how issues should be communicated externally to business stakeholders.
Since network security or other events might compromise intranet portals or email functionality, IT response plans should always include phone numbers and other communication options.
IT incident response planning isn’t an optional task in today’s world, and since no business is immune from cyberattacks, every organization should plan now to engage in this effort.