A study that was conducted by Ponemon Institute and sponsored by IBM Resilient and found that 77 percent of respondents admit they do not have a formal cyber security incident response plan. About half of the 2,800 respondents reported that they didn’t even have an informal response plan.
Of course, Ponemon and IBM have a vested interest in encouraging IT leaders to invest more in security, but even accounting for that reality, it’s clear too many orgaizations don’t have a formal cyber security incident response plan.
What does this mean? It means that if they are hacked, or held hostage by ransomware, they are likely to just run around in circles versus solving the problem.
Most enterprises operate on silos, and even core IT systems have boundaries that are set by politics and budgets. So, the lack of a master plan is often the result of that siloed approach.
Central IT should have the ability to create a security plan, including planned responses to breaches. However, lacking funding or sheer will, they often don’t. This includes the use of public cloud as well as traditional on-premises systems.
The public cloud is quite safe for what the providers do and manage. But those public cloud providers expect you to use the right mechanisms to secure your cloud-based workloads and data—which are still vulnerable to attack via your on-premises systems and through good old-fashioned hacking methods, from phishing to keylogging.
You need to make sure your assets in and access to the cloud are locked up properly.
I’m not a big fan of overplanning, but you should have at least a rudimentary plan in place to deal with attacks, both attempted and succesful ones. Trying to react to breaches on the fly only means more mistakes will be made in the panic—mistakes that could actually kill the business.
In the case of cloud computing, this means ensuring that there is redundancy of both processing and data. So, if anything is damaged (or ransomed), you can get up and running quickly as a first matter of response.
It also means having predefined procedures to recover from breaches, including communications and countermeasures defined in terms of the attack vectors and their appropriate responses.
The good news is that there are automated systems that can help you determine the right security responses to breaches, ransom, and other damage, and they can even be kicked off automatically.
Don’t wait for the last minute. Each response should be planned ahead of time and be well-defined. Trust me: The alternative sucks.