Last updated: 13.09.17

A step-by-step guide to cyber incident management

The last few years have seen businesses worldwide ramp up their investment in cyber security measures, reflecting the growing importance of digital data in modern corporate dealings, as well as the increased threat that cyber criminals pose.

These efforts are sensible and worthy of praise, but there's still no getting away from the fact that cyber security incidents can never truly be avoided completely. Every business will face them at some point, so their security strategy needs to go beyond prevention and include a plan of action for dealing with incidents when they arise.

Naturally, this can be a complex process, but by taking a methodical approach and putting the right procedures in place in a proactive manner, companies can reduce the damage that cyberattacks cause and ensure that any disruption is kept to a minimum.

Why is incident management so important?

A recent cyber health check report, published by the British government, indicated that a worrying 68 per cent of the country's top 350 companies have not received training to deal with a cyber incident, despite more than half saying cyber threats were a top risk to their business.

This is a concerning trend, as a failure to plan adequately for a cyber incident greatly increases the risk that the problem will not be identified and tackled quickly enough. This can result in prolonged system disruption, the potential loss of considerable amounts of data, and a subsequent serious impact on the business's reputation.

Moreover, a breach of sensitive information may also mean that the company falls foul of legal and regulatory reporting requirements, adding the threat of legal or regulatory penalties to all of the other risks. As such, it's essential for management to get a step ahead of this by planning thoroughly.

Five steps to dealing with cyber incidents effectively

Putting a robust process in place for handling cyber incidents can be made much more straightforward by following a few steps in a methodical manner:

1. Establish your incident response capabilities by providing the requisite funding and resources for this function, before taking the time to consider all the realistic risks that could occur and the procedures that should be followed when they happen. This step should include defining clear roles and responsibilities for those in charge of the process, establishing data recovery and backup capabilities, and deciding who in the company will be in charge of incident reporting.

2. Once the basics of the management process have been decided, organising specialist training sessions will help to ensure that everyone who needs to be involved in the process fully understands what their responsibilities will be and how the new system will work.

3. With the foundations now in place, it's time to test the management plans to see whether they function as expected in practice. The outcome of these tests should be considered carefully to make necessary improvements and refine the evolving process.

4. In cases where a cyber incident occurs, it's important to have processes in place to collate evidence on what happened, with a particular focus on examining the sequence of events that led up to the incident. This will make it possible for the company to identify the root cause and address it, as well as to conduct a lessons-learned review to assess what went wrong and what went right. Collating this data will also be essential when submitting information to law enforcement agencies.

5. Finally, the importance of raising user awareness of the need to report and prevent cyber incidents should not be understated. Wherever possible, users should be aware of their own responsibilities and briefed on how to report any potential incidents or security weaknesses - this can make all the difference in ensuring that companies are able to root out problems and respond to threats when they arise.

Summary: Dealing with cyber incidents is a challenging process, but one that can be made much easier by putting the right procedures in place in a methodical manner.

