In this blog we will look at why creating a Cyber Security Playbook is so important. We’ll explore a basic response plan, breaking down how an incident should be managed in practice. This will enable you to develop your own tailor-made plan. Whether your organisation is 10 people or 10,000, putting guidance in place on how to handle incidents will help you make good decisions under the pressure of a real incident.
Taking the time to create a plan will help you identify gaps in your incident handling capabilities. There is little room for error during a cyber-attack and your staff, technical and managerial, must have access to easy-to-follow actions during and after an attack to ensure that your organisation comes out unscathed.
So What is a Cyber Security Playbook?
The majority of organisations plan for fires, floods, and other incidents that impact business resilience, and careful planning for a cyber security incident shouldn’t be any different. The purpose of a Cyber Security Playbook, or Security Playbook, is to provide all members of an organisation with a clear understanding of their roles and responsibilities regarding cyber security – before, during and after a security incident.
Follow these simple steps to create your own Cyber Security Playbook.
Step 1 – Set up a Crisis Communications Team (CCT)
The CCT needs to be put in place prior to an incident occurring. Various levels of personnel and departments need to be involved to ensure company-wide understanding and participation.
Step 2 – Create an Incident Response Plan
Following the establishment of the CCT, an incident response plan needs to be implemented, including a step-by-step guide of key actions to be taken in the wake of an incident. A response plan and employee training are a worthwhile investment that helps to improve your organisation’s Cyber Security Maturity.
Step 3 – React Fast
As soon as an incident occurs, the incident response plan needs to be put into play. The goal is to handle the incident in a way that limits damage and impact, both financially and to the reputation of the organisation. The CCT need to be communicating with the entire organisation, top-level down, so everyone is aware of what they need to be doing. The lessons and best practices learned from the drills and mitigation tactics from red team exercises need to be implemented.
Step 4 – Agree Messaging
In this day and age, it is difficult to keep news under wraps. Often news of a breach or incident will be disseminated by third parties; this is why having a clear plan and process is crucial. Working with the media relations and legal teams, the board needs to decide the messaging around the incident.
Step 5 – After an Incident
As the remediation element of the incident response reaches its final stages, damage control needs to begin. There will undoubtedly be consequences as a result of what’s happened. Whether the impact is financial or reputational, this needs to be planned for and addressed in the right way for each business.