Five ways enterprises can boost incident preparedness

Oct. 30, 2023
Security is not a primary area of expertise for most organizations so preparedness may fall outside its purview

Despite billions of dollars being poured into cybersecurity technologies and services each year, enterprises still lack confidence in their ability to stop cyberattacks and breaches. Boosting security defenses is certainly the need of the hour. If persistent threat actors are committed to attacking your organization, they will do so in short order. Not only should enterprises advance their security posture, but they must also prioritize their incident preparedness capabilities to ensure swift and efficient response and recovery from incidents.

Let’s explore some key steps and best practices that can help organizations assess and boost their incident preparedness.

  • Secure Leadership Buy-in
time: the first step is making leadership teams aware that a cyberattack can happen at any time; it is not a one-dimensional risk (i.e., data loss or IT disruption). Other risks that can impact the business include financial, legal, compliance, and reputational. Leaders must understand and accept these risks and help mobilize resources toward incident preparedness. When the message and directions come from upper management, employees tend to display urgency and a higher level of enthusiasm and commitment.
  • Build Awareness of Cyber Risk

Combating multi-dimensional risks need involvement, cooperation, and collaboration across a range of different teams and domains, for example, marketing teams, HR teams, and product teams, as well as business partners, law enforcement agencies, and regulators. Return to the basics, educate people on what you’re trying to achieve, ensure that they internalize it and understand that security is everyone’s responsibility. Explain how cyber preparedness is an ongoing assurance activity that complements other risk management efforts such as financial audits.

  • Run Cyber Exercises

Having an incident playbook in place doesn’t guarantee the enterprise is prepared for cyber incidents. Nobody carries a playbook in hand around the office. Instead, get people in a room where they don’t have access to their playbooks. Simulate a realistic incident, then measure the organization's effectiveness in responding to the simulated attack. Choose to run cyber exercises on a variety of scenarios such as a ransomware attack, insider threat, social engineering, cloud data breach, or supply chain attack. 

  • Provide Measurement and Scoring

Metrics help organizations measure and report incident preparedness qualitatively and objectively. Security teams can measure things like Activation Time (how quickly can resources be mobilized); Incident Management (how well the incident is managed; setting objectives and assigning roles) and Response Times (how well you performed against the test objectives). Organizations can try comparing their incident plans against peer groups to understand how well they stack up. Independent authorities such as the Information Security Forum (ISF) can supply industry benchmarking data.

  • Improve Processes and Crisis Management Skills

Cyber exercises not only help with assessing preparedness for security incidents, but they also help to identify gaps in defenses, policies, and processes, and improve critical thinking and incident-handling abilities in employees. Once security teams have tested all scenarios and evaluated existing incident response capabilities, they can plug the loopholes and weaknesses identified in their response mechanisms and playbooks. Security teams can consider enhancing crisis management skills by subjecting users to additional security training.

Navigating Limited Security Resources and Conflicting Priorities

There is a massive talent shortage in the security industry and organizations are always struggling with competing priorities. How to overcome this problem? One word: Outsource. Studies show that the trend of outsourcing cybersecurity services is on the rise, especially because it can be very difficult to attract, train, and retain cyber talent.

For most enterprises, security isn’t the primary area of expertise; incident preparedness often falls outside their purview. It is advisable to outsource these resources and entrust the task to specialists who can engage a workforce distributed across the globe. Collaborating with individuals who possess the requisite skills can be a significant advantage and a game changer for businesses.

To prioritize incident preparedness means adding capabilities that will go a long way to enabling swift response and recovery from security breaches. This involves securing leadership buy-in, building awareness of cyber risk among all teams, providing measurement, and scoring metrics, improving crisis management skills, and considering outsourcing cybersecurity services to overcome resource limitations.

Steve Durbin is Chief Executive of the Information Security Forum, an independent, not-for-profit association dedicated to investigating, clarifying, and resolving key issues in information security and risk management by developing best practice methodologies, processes, and solutions that meet the business needs of its members. ISF membership comprises the Fortune 500 and Forbes 2000. Find out more at Email: [email protected]
About the Author

Steve Durbin | global vice president, Information Security Forum

As the Global Vice President of the Information Security Forum, Steve Durbin’s main areas of focus include the emerging security threat landscape, cyber security, consumerization, outsourced cloud security, third-party management and social media across both the corporate and personal environments.

Durbin has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. As global head of Gartner’s consultancy business,Ste he developed a range of strategic marketing, business and IT solutions for international investment and entrepreneurial markets. He has served as an executive on the boards of public companies in the UK and Asia in both the technology consultancy services and software applications development sectors.

Durbin has been involved with mergers and acquisitions of fast-growth companies across Europe and the USA, and has also advised a number of NASDAQ and NYSE listed global technology companies. He is currently chairman of the Digiworld Institute senior executive forum in the UK, a think tank comprised of Telecoms, Media and IT leaders and regulators.