When we talk to people about the different risks that their organisation might face, one of the events that has the highest likelihood, and would have the biggest impact, is a significant cyber-event. The worst-case scenario would be a ransomware event, where the bad guys lock you out of your systems and data, and (even worse) take a copy of your data, and demand a large sum of money to unlock the systems and remove their copies.
These events would obviously be extremely disruptive to all businesses and could have a massive impact on the reputation of the business involved.
For this reason, the cyber insurance industry has said that having an Incident Response Plan, and running regular ransomware exercises, is part of the minimum protection they expect an organisation to have.
Kinetics have been delivering both things to our customers.
The Incident Response Plan
The Incident Response plan is an important document to prepare your organisation for the worst. If a serious cyber event happened, what should you do? Who do you tell? When do you tell them? What do you say?
The Incident Response Plan outlines the roles and responsibilities and documents the main steps of the process you will need to go through should the worst happen.
Although it is related to IT, the Incident Response Plan is largely a communication plan, that ensures that the right people know the right information in a timely manner.
One of the keys is making sure you have a plan on how to communicate – how will you let your staff know what is happening if your normal communication methods like email or Teams are compromised? If you have an Incident Response Team how will they communicate to share vital information? Do you have everyone’s phone numbers on paper in a secure place?
Testing the Plan
If you have an Incident Response Plan in place (or even if you don’t!) it is important to test it. A bit like a fire drill, there is nothing like going through a simulated exercise to identify the shortcomings of the best plans!
Kinetics can run through a simulated exercise with your team, and it is fantastic to help you imagine what might happen, how you might react, and what mitigations you can put in place now (before the #### hits the fan!).
Following any exercise, typically there is a bit of work to update your Incident Response Plan, and your disaster recovery plan.
What next?
So, have a think about what you would do if you were locked out of all your systems for a week and a bad guy was demanding millions of dollars to get you up and running.