The number, sophistication and severity of cyber attacks is increasing, and any business handling customer data, which can be easily monetised, is a top target. A data breach will almost certainly put your reputation in jeopardy, so it's vital to be prepared to handle the incident itself, and communicate the event internally and externally. Since crisis-driven decisions will only worsen the impact, now is the time to put an incident response and disclosure plan in place for your business, and ensure everyone is aware of the resilience measures you have put in place.
Building an appropriate cyber security response plan
Tip #1: Know what you're protecting and why
Draw up a complete inventory of your IT assets, so you can see what systems and data are at greatest risk, and prioritize their protection according to how critical they are to delivering business outcomes. A business impact analysis (BIA) will help you determine what sensitive data needs defending and why. Evaluate the potential fall-out from an attack that exploits a moderate or severe security hole – that should include the costs of data loss, reputational damage, legal fees, customer abandonment and extended operational disruption.
Tip #2: Working out what's just hit you
The faster an attack is detected, the more successful your damage limitation measures. The longer it goes on, the more information can be stolen. Incidents don't generally emerge fully-formed – they tend to start off as a series of indicators. So define the parameters, severity and standards for when and how an incident is declared. Also consider how you will preserve any evidence while containing or eradicating threats.