Why an Incident Response Plan is Critical

Learn About the Four Key Phases of a Plan

If a cybersecurity attack compromised your firm’s network, how would you respond? Would your firm go into full-on crisis mode or do you have a solidified plan in place to mitigate the damage? Data shows a majority of firms lack a definitive strategy for responding to a cyber intrusion.

A recent IBM report on cybersecurity resilience found 77 percent of respondents admitted they don’t have a formal incident response plan in place. This statistic is alarming, considering the average cost of a cyber attack exceeded $1 million in 2018, according to a recent report by cyberfirm Radware.

TalaTek believes an incident response plan is critical and necessary today to protecting your firm, not if, but when a bad actor penetrates your network.

Incident response planning allows an organization to establish a series of best practices to stop or minimize an intrusion before it causes damage. Typical incident response plans contain a set of written instructions that outline the organization’s response to a cyberattack. Without a documented plan in place, an organization may not successfully detect an intrusion or compromise and stakeholders may not understand their roles, processes and procedures during an escalation, slowing the organizations response and resolution.

Following NIST SP 800-61, there are four key phases of an incident response plan:

  1. Preparation: Training stakeholders on procedures for handling incidents or compromises
  2. Detection & Analysis: Identifying and investigating suspicious activity to confirm a security incident, prioritizing the response based on impact and coordinating notification of the incident
  3. Containment, Eradication & Recovery: Isolating affected systems to prevent escalation and limit impact, pinpointing the genesis of the incident, removing malware, affected systems and bad actors from the environment and restoring systems and data when a threat no longer remains
  4. Post Incident Activity: Postmortem analysis of the incident, its root cause and the organization’s response with the intent of improving the incident response plan and future response efforts

Be sure your team has the tools they need to identify and respond to incidents and compromises. TalaTek can help, contact us to learn more.

TalaTek is certified to deliver Incident Response services under GSA HACS SIN 132-45B.