THE CRITICAL IMPORTANCE OF AN INCIDENT RESPONSE PLAN

Partners of OnCall Cyber™ and its CyberJuris Network providers were asked to comment on the importance of having an Incident Response Plan, especially as cyberattacks grow in volume and severity. What follows are several market drivers and compliance requirements that companies should take stock of concerning the imperative of having an at-the-ready Incident Response Plan (IRP), and a prearranged Cyber Crisis Team.

THE LEGAL LANDSCAPE: PARTNER EOSEDGE LEGAL INTRODUCES COMPLIANCE

Avoiding negligent acts or omissions is a universal obligation for all businesses. No business can ignore obvious risks, and the current cyberattack climate necessitates taking reasonable precautions. According to cyberlaw attorney Doug DePeppe of eosedge Legal: “According to multiple cyber leaders, the speed of a cyberattack and the effect of attackers gaining control of IT systems is down to hours, even minutes. The anatomy of a compromise and its immediacy no longer affords businesses any reaction time.”

The lack of reaction time underscores the need for preparedness, and what’s characterized as the equivalent of cyberattack fire drills – aka rehearsals and table-top exercises. OnCall Cyber™ includes these services to help customers maximize use of defensive resources during the reaction period of an attack, likely expanding their options to better defend the attack.

Beside the reasonable precaution aspect of an IRP, eosedge Legal points out a variety of compliance standards. Again, Doug DePeppe comments: “In the USA, various laws and regulations impose IRP compliance upon companies and are auditable by regulators, such as the Securities Exchange Commission (SEC), the North American Electric Reliability Corporation (NERC), SOC-2, HIPAA, the New York Department of Financial Services, and others.” In Europe, the General Data Protection Regulation mandates notification to the appropriate GDPR supervisory authority within 72 hours after learning about the incident.

Having an IRP in place and practicing it is now a common requirement. It is widely a matter of compliance and potentially auditable.

THE PRACTICAL CASE: PARTNER CYBER MARYLAND EMPHASIZES BUSINESS JUDGMENT

According to David Powell, a co-founder of Cyber Maryland: “We have been advocating preparedness and working with cyber-aware companies for over a decade. Our state and nation’s resilience and economic vitality is dependent on everyone doing their part to raise their cyber hygiene. Practicing the IRP is part of that preparedness.”

Beyond mere compliance, preparedness entails knowing the roles critical players in a company will play when attacked: who is the cyberlaw breach coach? What critical resources should the forensics team first check? Where is personally identifiable information (PII) processed and stored? The IRP identifies these tasks and roles, and ensures that the actions under the IRP are coordinated in advance.

When compromises occur within hours or even minutes, businesses no longer have the luxury to wait and see. A data breach is a bet-the-business risk nowadays.

THE PREPAREDNESS SYNERGIES: PARTNER SHORT ARM SOLUTIONS DISCUSSES RISK REDUCTION

Creating and implementing an IRP also triggers prevention benefits. Rick Mischka provided his insight: “A step in creating an IRP is inventorying various aspects of the company’s business environment, practices, and IT architecture. This process will invariably lead to identifying security gaps, which can be plugged.” The OnCall Cyber™ IRP is delivered at the outset of the customer relationship. While this step enables the Cyber Crisis Team and business to come to know each other and establish initial contact and trust, a direct outcome is also to help the customer become more resistant to a compromise.

Rick Mischka continued: “What I really like about the OnCall Cyber™ approach is the immediate interaction with the customer. As cybersecurity consultants, there are so many ways we can help make a business more resilient; but, it starts with dialogue and understanding their business. Delivering an IRP at the start of the relationship, and working alongside a cyberlaw attorney who is giving the client compliance guidance, together we’re positively affecting the business’ cyber preparedness.”

The partners of OnCall Cyber™ understand the importance of the IRP as part of an interdisciplinary approach to improved cyber preparedness. As the mantra in cybersecurity informs us all:  ‘It’s not a matter of IF, but rather a matter of WHEN a business will be attacked from cyberspace.’ With artificial intelligence being used to scale attacks, it is ever more accurate that every business will be attacked, often more than once. Accordingly, the reasonable approach to this risk is to have in place, and to exercise, an Incident Response Plan. 

ABOUT ONCALL CYBER™ AND THE CYBERJURIS NETWORK

The solution offered is a prepaid Cyber Crisis Team, entailing a cyberlaw attorney, an incident response team, and available cyber insurance. The IRP is but one of the deliverables included in this prepaid subscription service.  OnCall Cyber™ has teamed with the CyberJuris Network to ensure regional expertise is available nationally and internationally. More information is available at contact@oncallcyber.com and the company website.