Date: 2023-11-27

Dr. Alexander Yampolsky, Co-Founder and CEO of SecurityScorecard, a globally recognized cybersecurity innovator, leader and expert.

Cybersecurity incidents do not wait for an invitation. They strike when you least expect them.

As a former Chief Information Security Officer (CISO), I have seen the critical role incident response planning plays in the security of organizations. Simply put: prepare for the worst. Don’t wait for a significant cybersecurity incident. Stress test your incident response plan now.

The cost of dealing with cyber security incidents: lessons from high-profile breaches

A cyber security breach alone does not equate to a disaster, but mishandling it does. Third-party cyber incidents have increased in recent years, from hacks involving SolarWinds and Log4j supply chain vulnerabilities to the recent MOVEit file-transfer vulnerabilities.

Recent cyberattacks show how even a single chink in the armor can lead to a global digital wildfire. Cybercriminals are increasingly targeting third-party vulnerabilities because a single supply chain fault can cause widespread disruption.

Although organizations acknowledge these threats, many still lack effective incident response strategies, especially when it comes to third-party vulnerabilities. The first 24 hours after discovery are critical, and organizations must be equipped to respond rapidly and systematically. Every organization is a potential target, which puts enormous pressure on CISOs to respond to cyber incidents.

I’ve seen the good, the bad, and the ugly of incident response practices over the years. Four best practices stand out:

1. Know the risks from your third (and fourth) parties.

A company’s attack surface goes beyond its internal networks and technologies – it includes its vendors, vendors’ vendors, customers, and partners. In early 2023, SecurityScorecard, in partnership with the Scientia Institute, conducted research that revealed that 98% of organizations have a relationship with at least one third-party vendor that was breached in the past two years. This statistic highlights that an organization’s security posture is only as strong as its weakest link. By failing to properly manage supply chain risk, organizations are opening themselves up to significant cyber risk.

2. Take prompt and informed action.

In the event of a data breach, a trusted organization will immediately notify its employees, customers, partners, and other associates that they may be affected and provide clear guidance on next steps. To do this effectively, CISOs should have a strategy template already developed that can be updated and executed immediately in the event of a cybersecurity incident. It should also include a plan for responding to inquiries from reporters and customers. Create an online resource with all emergency phone numbers, including legal counsel, forensic investigators, and backup locations. Clear documentation will prevent last-minute hassles during a crisis.

3. Stress test your incident response plan.

A strong incident response plan requires the right people and equipment in the right places, but it won’t work if the plan is stuck in time. Incident response strategies should be tested regularly to ensure that organizations are prepared to respond to real-world incidents. Security teams should run regular exercises that evaluate the effectiveness of their security protections and their level of preparedness. These include:

• Tabletop Exercise: Use a scenario-based methodology to test incident response plans. Highlight deficiencies and strengthen response time and readiness.

• Penetration Testing: Simulate attacks with the goal of exploiting networks, computer systems, applications, and websites to expose vulnerabilities that are often impossible to detect with traditional scanning tools.

• Red Teaming: Simulate threat actors’ tactics, techniques, and procedures (TTPs) to test how security teams, tools, and processes respond.

With these practices, organizations strengthen their security to significantly reduce the impact of a breach, helping them recover faster.

4. Cooperate for rescue.

Security teams face many challenges, including burnout, limited resources, and a shortage of skilled talent. Effectively managing cyber risk in the supply chain demands a unique skill set. This includes expertise in digital forensics, proactive threat hunting, and experience handling incidents in both the public and private sectors.

Cybersecurity experts can collaborate with consultants to provide the strategic and tactical capabilities needed for effective cyber risk management. Consider partnering with experts to monitor your digital ecosystem and the attack surface of third- and fourth-party vendors, test your plan, and have a team on call for help in the event of a breach. Also, consider keeping a digital forensics and incident response firm on retainer. Just as you wouldn’t look for a new doctor if you’re already sick, it’s important to build an established partnership early on.

Building a Resilient Business: Prioritize Incident Response Planning

As the frequency and cost of cyber attacks continue to increase, proactive incident response strategies have become paramount. The practices outlined above are battle-tested, key steps I took during my tenure as CISO. By prioritizing incident response planning and integrating these practices, organizations can help weather the storm of cyberattacks, protect their assets, and ensure uninterrupted business operations. It’s time to strengthen your cyber security for a resilient future.

