When talking about cyber security, the focus is normally on solutions to detect and prevent cyber-attacks. Considering the pervasive and prevalent nature of cyber threats, it is natural for enterprises to focus on proactive solutions to prevent attacks. However, companies must also pay equal attention to defining a cyber-attack response plan.
A cyber-attack response plan is equally important in the overall cyber resiliency strategy of any company.
The most important aspect of a cyber-attack response plan is to have one. The speed and method with which an enterprise responds to a cyber-attack determine and, to a great extent, limit the damage and liability the attack will incur.
Like the solutions to prevent cyber-attacks, there is no “one size fits all” response plan. Some common parameters that should be considered while defining a response plan are:
- Scope and coverage: Identify the areas of exposure. It can be data, applications or infrastructure.
- Impact Identification: Determine the “what-if” situations to identify the impact and potential ways to limit and contain it.
- Identify the team and resources: Determine the team and the tools and resources that are required to handle cyber threat response. This will ensure that the right people will act at the right time.
- Cover all bases: The plan should cover means to isolate, contain, eradicate and restore. This is needed to ensure that not only is the impact limited, but the business is also able to return to normal without significant downtime.
- Training: Provide adequate training on the implementation of the plan to everyone concerned. As with a fire drill, it is important to carry out exercises to determine the effectiveness of the response plan.
- Legal aspects: Aspects like retaining evidence and audits of the response plan are important from a legal standpoint. Reporting is equally important. These too should be a part of the plan.
Conventional warfare rightly gave importance to both: a good defense and, at the same time, a good plan to handle any attack. Cyber warfare is no different.