Procurement 15 November 2016

How small firms can create an effective cyber security response

cyber attack
Strong cyber security response requires clearly defined roles and responsibilities
Small business owners tend to be good at planning for success. But they should also plan for worst case scenarios especially in terms of a cyber-attack or breach, writes CyberArk‘s John Worrall.

As entrepreneurs battle with the daily challenges that come with growing and managing a micro business, they must not neglect developing plans for disaster recovery and continuity of operations.

As the cyber threat landscape has evolved, responding to an incident is no longer something to be outsourced and forgotten about. Every organisation, large or small, is targeted by adversaries, and some compromise is inevitable.

With data breaches or other incidents affecting more than just information or technology infrastructure, and impacting on the ability for a company to operate, small business owners must make sure they are prepared.

As noted in CyberArk’s recently released Global Advanced Threat Landscape Survey 2016, many businesses have adopted a post-breach? mindset, meaning firms operate under the presumption of a breach and have developed post-breach response plans.

In the survey of 750 IT and IT security decision makers, 95 per cent of respondents reported their organisation has a cyber security emergency response plan. That reads quite well.

However, digging below the surface we also learned that less than half of respondents reported that the plan has been communicated and is regularly tested with IT staff, and 40 per cent state that their organisation’s plan has only been communicated and regularly tested with senior IT staff.

So, if an incident does occur, do you have a strategy in place? Unlike larger enterprises that have dedicated teams to handle internal and external communications on the matter, micro-business owners may need to take more control.

There are several factors to consider. For example, how will you notify customers? And how will you handle employee communications if email and intranet services go down? At the very least, incident response planning should address the following:

Who is in charge?

A strong cyber security response plan requires clearly defined roles and responsibilities. Many organisations default this responsibility to the legal counsel, but crisis experts note that although lawyers should be available to advise, they are not the best choice to lead a response.

Effective incident response requires organisational and administrative abilities as well as technical knowledge if not hands-on technical skills.

The choice of this leader can vary depending on the organisation and the personnel available, but it should be someone with an understanding not only of the IT systems but also how they support your organisation’s mission and business operations. In a larger organisation, the CIO or CISO would be the best place to start, but in smaller companies, business owners will likely need to be more hands-on.

The important thing to remember is that, post-breach, clear lines of communication are required for prompt and decisive actions. Determine this in advance.