Cybercrime is an ongoing topic which makes headlines all too often, and it won't die down any time soon. From ransomware attacks to data theft, cyber threats can have a colossal impact on business operations.
Many organisations may argue that they have cyber security policies and product-solutions in place. However, due to the unpredictable and everchanging nature of cybercrime, which can paralyse even the largest of enterprises, IT teams cannot grow complacent.
Although it is generally expected of the IT team to manage cyber security incidents, these incidents are not just an IT issue and may require a different set of skills to the traditional IT service desk approach.
According to Wolfpack Information Risk, as a starting point and at the very least, organisations can action the following steps in order to manage cyber incidents and related events.
Stakeholders - IT decision makers need to identify key stakeholders and their roles both internally and externally - including business, legal, IT, risk, compliance, HR, marketing and corporate communications - as well as external parties, which form part of the cyber crisis management team.
Awareness - Reporting of potential weaknesses or incidents needs to be simplified for the organisation's users and other stakeholders. For e.g. distribute and communicate an easy-to-remember telephone number or email address.
Logging an incident - Most companies have an established service desk that can be enhanced to become the central place to capture and perform the first level of analysis for cyber incidents. Their role should include logging and escalating the incident to the nominated incident handler depending on the severity of the incident.
Incident process - At the least, organisations need an incident management plan that outlines key role players and a general process to follow, which is aligned to their business continuity or disaster recovery plan. For inspiration, IT teams can review guides from the international incident management standard ISO 27035.
Battle guides - Since not all incidents can be planned for, Wolfpack recommends creating broad incident categories requiring a similar approach and common team members (E.g. fraud related, loss of sensitive data or denial of service). IT decision makers can then flesh out a suitably detailed procedure and a one-page battle guide that summarises key steps to be taken during the incident lifecycle. Pre-approved communication (preferably approved by a legal practitioner) for various stakeholders - internal, customers, press, regulators - is recommended.
Incident Categories
Testing - Using the team and battle guides mentioned above, organisations can explore "worst-case" scenarios through table top or simulation exercises facilitated by external providers, which will ensure that the key team members have a basic understanding of steps to follow.
Wolfpack assists companies to accelerate their incident management programme through a facilitated approach providing the necessary documents, processes, awareness and now, in partnership with CYBERGYM, an arena to transfer skills to detect and respond to realistic cyber security incidents.
Incident Management Framework
CYBERGYM
CYBERGYM has developed a global network of integrated cyber training and technology arenas to test an organisation's systems, processes and people capabilities against cyberattacks. CYBERGYM conducts cyber-warfare readiness training for governmental and private enterprises. It focuses on the weakest link in any emergency response system - the people who run it.
Wolfpack specialises in business-aligned information risk and cyber threat management services and covers the full spectrum of prevention, detection, incident management and resilience requirements. In 2018 Wolfpack established the first African CYBERGYM arena in Johannesburg to help prepare management and technical teams to fend off real-time cyberattacks.
To find out more, visit the Wolfpack Information Risk website.
This article was published in partnership with Wolfpack Information Risk.
