How to Implement Effective Incident Response Plans to… | BeyondTrust

A day rarely passes anymore without hearing about another cyberattack, a new data breach, ransomware, extortion, or nation-state espionage uncovered by public and private sector security teams.

A recent research report by Check Point found that the number of cyberattacks increased 38% from 2021 to 2022, and other industry reports have note similar increases. The reality that security leaders face nowadays is that experiencing a cyberattack is a matter of ‘when’, not ‘if’.

In response to the rising risk that comes with facing potential cyberattacks, many organizations developed incident response plans. However, while some perform practice drills over their plan, many don’t. The 2022 Cost of a Data Breach Report found that, of the organizations with incident response (IR) plans, 37% said they did not regularly test them. That’s too bad, because, according to the same report, those who do drill their plans can save an average of $2.6 million on breach costs just by being more prepared and trained.

But as impactful as a data breach can be, there are worse attacks that can cripple operations, such as halting the delivery of products and services without the ability to estimate a recovery time. Ransomware attacks are one type of incident that can easily be called a cyber crisis.

When an organization faces a crisis level cyberattack, it will need an all hands on deck approach to strategically lead the response. That means covering all the necessary support from functional business units, taking care of customers, mitigating reputational impact, managing its human resources, and ensuring the organization remains compliant with regulatory demands throughout the attack’s lifecycle. A cyber crisis calls on executive leadership to take the reins, lead the charge with strategic business decisions, communicate effectively inwards and externally, and keep morale intact until the crisis is de-escalated.

Unfortunately, while many organizations plan for cyberattacks on the technical level, expecting response to be led and resolved from the CISO-level and downward, very few have plans for a cyber crisis that could threaten the very existence of their organization. If your executive team has not thought about the decisions it would have to make during a major cyberattack, if executives don’t have prescriptive plans they have helped create and know how to use, then your organization could stand to lose millions of dollars as a result of a crisis-level cyberattack.

To learn about the dangerous gap between security incidents and cyber crises, and how you can effectively address it, tune into this on-demand webinar.

Limor Sylvie Kessem, Senior Managing Consultant, Cyber Crisis Management

Limor Kessem is an Executive Security Advisor at IBM Security. She is a widely sought-after security expert, speaker and author and a strong advocate for women in information security. At IBM, she leverages her over 10 years of cyber risk and security expertise to provide counsel to CSOs, CISOs, and CIOs at the world’s largest corporations and governments. In addition to her work with IBM, Limor is part of the Tel-Aviv University Blavatnik Interdisciplinary Cyber Research Center, is a founding member of the Cyber Week FraudCon conference, and volunteers in the local chapters of OWASP and BSides. To follow Limor’s security feed on Twitter, please check out: @iCyberFighter