Responding to a Security Incident
You’ve done everything you can to protect your organization from attacks. You’ve installed firewalls, antivirus, perhaps even segmented your network, and of course, you’ve educated everyone on how to recognize phishing and other attack vectors. However, you also know that this does not guarantee that you will stay safe from attacks such as ransomware. Attackers can exploit (or break) even the best security protection.
If (or when) that attack occurs do you know how you will respond? Have you defined all the roles and responsibilities of your incident response team (IRT))? Do you have a documented plan that discusses how you will isolate the incident, remove it and recover your operations? Have you decided if you will pay a ransom or try to recover from your backups?
These and other questions need to be answered before an incident occurs otherwise you could be running around not knowing who is supposed to do what and how they should do it. Other factors need to be understood, such as the role of your cyber insurance company and law enforcement.
Perry Group has worked with municipalities such as the County of Middlesex, Essex County, and the Town of Innisfil to look at their incident response posture and help to develop a plan that includes all of the above and also escalation procedures, incident categorization and post-incident activities.
Some of these municipalities have conducted tests of the plan to make sure it works, and as a result, made appropriate adjustments. These tests are usually in the form of tabletop exercises and are essential to validate and update the plan. These tests are also a good learning experience for the team, helping to ensure everyone is prepared for their role if an incident does occur.
In the broader view, an Incident Response Plan is necessary for any significant incident and may be able to be used as part of a disaster recovery plan as well. In fact, in today’s world, many municipalities are finding it challenging to obtain cyber insurance without a disaster recovery plan and an incident response plan.
Perry Group can help you create your plans using our experience and what our municipal clients have learned through developing and testing their plans.