Why your incident response playbook is as critical as your infosec defence one

It’s all too easy to get caught up in the never-ending downward spiral that being an infosec professional often feels like. Between fighting the board of directors for more money and fighting threat actors to keep them out of your networks and data, it is no wonder infosec workers are often hit by mental health issues.

I know about this from my own personal experience, and if you need help I heartily recommend heading for the Mental Health Hackers site.

But I digress. The attention of the board and the security operations centre can often be too tunnel-vision-focused on defensive outcomes when knowing how to respond when those defences have failed is just as, if not more, vital to the business.

We’ve all heard the “it’s not a matter of if but when” argument rolled out by a myriad of security vendors trying to sell you something, but the time has come to admit that the mantra is rooted in reality.

The UK government cyber security breaches survey 2024 revealed, for example, that 50% of British businesses had experienced a breach or attack across 2023. One in three charitable organisations too.

Of course, how you define an attack is key to all this and a debate for another time, so let’s just run with the numbers for now.

Phishing was by far the most common successful threat, hitting 84% of those businesses. Compare that to malware, right down at 17%. This statistic alone tells us that malware defences are, on the whole, pretty good – and phishing ones, the human security angle if you must, pretty poor.

It also tells us that if you haven’t planned properly for when such an attack does hit, then your business isn’t doing all it can to protect itself from the potential incident fallout. Depending on business size, such incidents cost anywhere between £1,205 and £10,830 on each occasion (according to that survey).

Guidance on communication after a cyberattack

Let me quote you wholesale from another UK government-backed body, the National Cyber Security Centre, which has just published new guidance on effective communication before, during and after a cybersecurity incident:

“During an incident, organisations often prioritise their technical response and relegate communication to a secondary consideration. But effective communication to staff, stakeholders, customers and the media is crucial for shaping how an organisation is perceived.”

I couldn’t have said it better myself, which is why I didn’t. I’m a communicator, and have been professionally for 35 years now, and cannot stress how important this is.

Whether you are UK-based or not, whether you are in management or not, whether you are on the periphery of cyber-strategy or not, please read this guidance and get those who are to do likewise. Believe me, you will thank me later and so will the board of directors.

Please, again, read the full report, but here’s the TL;DR…

  1. Prepare your communications strategy in advance.
  2. Communicate clearly with different parties, and tailor your messaging where necessary.
  3. Manage the aftermath in the medium and long term.

Davey Winder

With four decades of experience, Davey is one of the UK's most respected cybersecurity writers and a contributing editor to PC Pro magazine. He is also a senior contributor at Forbes. You can find him at TechFinitive covering all things cybersecurity.
