Incident Response Plan Need an Update?

By Mike Raia | Published February 5, 2019

In Brief

  • There's a 27.9 percent chance that your organization will be victim of a data breach in the next two years.
  • Incident response plans must keep up with external and internal changes to mitigate repercussions.
  • Automation can ensure standardization, compliance, and rapid response by the right people.

Incidents Will Happen. Are You Ready?

Look at your incident response plan the same way that a company should view its business plan. In the ideal world, the business plan you review at least once a year to see whether you're hitting your benchmarks. This allows you to judge your progress, correct your process where it doesn't work, and create new goals as the company grows. Of course, we know that many companies don't even use their business plans. They might have been created to gain funding or in the initial planning phases, but then they sit in a file to rarely be revised or considered.

incident management planningIf your company isn't regularly updating your incident response process, it's a high-risk mistake. According to the 2018 Global Cost of a Data Breach Study, there's a 27.9 percent chance that your company will experience a data breach in the next two years. What happens if you have an out-of-date response plan in place and your company becomes a statistic? Panic—which often leads to poor decision-making and further errors.

Security breaches can be exceptionally costly, more so when they're not repaired immediately. There can also be long-term costs to the company, such as a loss of customer loyalty. This, by the way, should be considered within your incident response plan—how to get in front of the information to salvage and increase your customer's trust with a prompt, transparent response.

Information security threats continually evolve. Your team members and company landscape also change from year to year. Your incident response plan must keep up with external and internal changes to mitigate repercussions.

Building and Updating Your Incident Response Plan

Your incident response plan should include contingencies for every known scenario. This is why it's important to keep working with the plan—known scenarios change rapidly as new threats emerge. Here's another thing that your IT team knows all too well: you need to incorporate previous mistakes into plan upgrades. You can write and launch the most thoughtful and elaborate security response, but attacks rarely follow the blueprint we think they will. It's important to include every lesson learned in the real world, as well as the information we've gleaned from others' mistakes.

Your current incident response plan might be extensive and cover a wide range of possible scenarios. That makes it more difficult to fine-tune and determine where upgrades are needed. 

Here are a few important things to consider every time you assess your plan:

Critical Systems and Key Assets

Your response plan should include all of the systems that are important for the continuity of your business. As we know, these assets can change over time. New systems must be identified and prioritized in your plan. This way, your response team will always have an up-to-date record and exact protocol to follow for all the affected systems that might be compromised.

Updated Possible Threats

Currently, cryptojacking is the most common threat facing most businesses. A few years ago, it was ransomware (which has now made a comeback). Each cybersecurity threat will need to be guarded against in specific ways. Since hackers are constantly coming up with new ways to beat security measures, your plan needs to evolve to update individual threats and include comprehensive plans for defense. You should also identify the level of the cyber attacks and the team members involved in the response - obviously, some threats don't warrant the same level of response as others will. Threat intelligence will be key.

Keep Your Internal List of Contacts Current

Each type of breach should trigger an individual response. This might start with the notification of your response team members and branch out to applicable executives, shareholders, employees, and possibly even your public relations team to handle the message to the media and personal contact to impacted customers. To get ahead of an emergency, drafting email templates for each party can cut downtime and help your team to stay on message.

Don't Forget to Address Internal Security Issues.

If your entire plan centers on nefarious external forces, you're missing the forest for the trees. Employees continue to pose the biggest security threat to your company through human error and malicious intent like phishing. Employee access requests should be monitored and tracked, especially concerning clearance for sensitive records and critical systems. It's also important that you maintain security protocols to limit access immediately when employees are terminated via a standard offboarding process. Often these breaches are the result of simple error or negligence. Your plan should include a clear protocol to determine where the security issue originated. This prevents reoccurrence and aids in future employee training.

Automate Your Incident Response Process

Whenever there's a security incident, the priority is to ensure the business can operate effectively to serve the client base. You don't want your website offline for an extended period of time. Your business can be crippled when integral processes are compromised to the point that you'll lose hours or even days.

Priority one is making sure that you can return your business to full function. The following steps include documenting the incident, repairing any damage, and handling the communications so that your incident doesn't become a public relations nightmare.

Your incident response plan has many moving parts, and it all needs to be carried out impeccably and immediately. This is why an automated incident management process makes the most sense for your business. Automation of this process allows for quicker response time and less room for error. 

In the case of a threat, your automated process would bucket the threat by the level of the breach. For instance, a critical breach would go directly to the highest level response team for immediate action. Each action in the workflow would set off the next response to ensure that the proper actions are taken.

If you're not prepared for a security attack, the initial reaction is often wrong. There are adrenaline rushes and panic involved in trying to mitigate threats without warning or protocol. An automated response allows your team to follow a protocol that can help them think through the entire process more thoroughly and efficiently.

securty   cybersecurity   incident response   automation  

Business Ideas  

Mike Raia

Marketing the world's best workflow automation software and drinking way too much coffee. Connect with me on LinkedIn at