Why Your Incident Response Plan Can't Wait Any Longer
Between record-setting natural disasters, Covid-19, and an influx of cyber attacks, it is evident that organizations must focus on their disaster recovery and backup strategy. Read on to learn more about why and how to protect your data, technology, and business for the unexpected.
For decades, conducting an Incident Response Plan (IRP) and acting it out in realistic “tabletop exercises” has always been an IT department goal, but often sacrificed for other priorities. The scenarios would often be centered around mother nature, a fire, a hurricane, or a tragic accident involving the IT administrator. The truth is, however, that many businesses could go a lifetime before experiencing one of these scenarios in real life. For many, the time and resources spent in preparing a comprehensive IRP simply did not seem worth the small probability of an incident actually occurring.
But that once small probability is growing. Organizations no longer need to only plan for the occasional and elusive natural disaster, but the dangerous and expensive cyber-attacks which have been targeting businesses, of almost every industry and size, across the world. Business continuity planning is no longer simply a matter of ensuring backups at an offsite location. It is now about instantly moving to a remote workforce or identifying business production reliance on systems.
Bottom line, incident response planning has never been more relevant.
Previously, most IRP conversations centered around preventative measures to help keep the bad actors at bay. However, the ease of spreading malware, seen with the rise of Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS), has shifted the question from "if" to "when". Businesses now must consider how to limit damages in the case of an incident and rebuild operations efficiently.
“Every single corporate executive needs to be convening their cybersecurity teams and business resilience teams today ... to improve their security posture, but most importantly their business disruption policies.”
Former Director of Cybersecurity and Infrastructure Security for the Department of Homeland Security
This message was delivered to the entire world on The Today Show by Christopher Krebs, former Director of Cybersecurity and Infrastructure Security for the Department of Homeland Security. In the interview with Savannah Guthrie, Krebs instructed, “Every single corporate executive needs to be convening their cybersecurity teams and business resilience teams today ... to improve their security posture, but most importantly their business disruption policies.”
The need to properly protect and retain data may be obvious, but the more important question of how to do so is less clear. Take, for example, data backups — Yes, you need to backup your data, but how you back it up makes all the difference. Are your backups encrypted? How much time would it take to restore those systems and retrieve your data? What is the retention policy? The list continues.
Centre Technologies focuses on four main components to build a foundational and foolproof incident response plan:
Clean copy of dataOrganized and updated data is routinely backed-up according to your business's budget, size, and needs. By default, Centre's IT experts recommend the standard best practice of the 3-2-1 model, 3 copies across 2 locations with 1 offsite or locked.
Proactive threat huntingAdvanced and "always on" threat detection and response technology is utilized to catch and remediate threats before they inflict damage or jeopardize technology and data beyond return.
Visibility into security gapsComprehensive security assessments and/or advanced security scanning detects vulnerabilities and pain points in current IT security posture so businesses can build an effective and efficient plan moving forward.
Cyber insuranceA partial, but necessary, component of IRP to financially protect your business from risk and liability in the event of a disaster or attack.
Need help strategizing or optimizing an IRP? Contact us for assistance in identifying where to focus investments and how to ensure your business and data is protected no matter the circumstance.