To best survive a cyber-attack, have a response plan. Better still have a response plan that is tested and validated to match the needs of your organization. Gaining corporate agreement and buy-in to have a data breach response plan is just the start.
Organizations also need to ensure that it’s actionable and that they regularly practice and refine it. Without testing, your people will likely lack the knowledge and confidence to successfully manage an incident.
LRQA Nettitude have witnessed numerous plans that fall down at the first rehearsal as they are not truly embedded into the working practices of their employees. Incident response processes that live as a document and not in the mind provide a false sense of security. With the risk of a cyber-attack increasing – how confident are you that your organization’s cyber incident response plan would be effective?
Why Consider Incident Response Testing?
Your plan will be tested, sooner or later, during a real breach. Many organizations only discover the flaws in their incident response plans when they are trying to deal with an incident. If your incident response plan fails, there is a real risk of systemic failure in the investigation resulting in a chaotic and costly response.
A comprehensive incident testing programme can expose gaps in even the most seemingly robust of cyber incident response plans and provides valuable insight into whether the incident response plan actually delivers its stated aims back to your organization.
True cyber resilience can only be achieved through ongoing testing of your capability to detect and respond to security incidents.
There is of course more than one type of attack. LRQA Nettitude recommends your testing should simulate a combination of the following:
- External attack and data theft;
- Malicious insider or compromised user;
- Loss of employees or customer personally identifiable information;
- Physical loss of data or asset;
- Ransomware event or distributed denial-of-service disruption;
- Attack against the organization’s intellectual property or C-suite executives.
Even organizations with incident response plans in place are finding that the time to resolve incidents is increasing. This is largely due to organizations not testing their incident response plans, then finding that they can’t adequately address all the aspects of a genuine security incident.
How Does Cyber Incident Response Testing Help You?
Delivered as either a table top or simulated exercise, LRQA Nettitude’s expert consultants will guide your team through incident response plan development, allowing you to determine how thorough your plan really is, and what improvements could be made.
We will assess how your organization will:
- Identify the most relevant types of incidents
- Engage external service providers and business continuity processes
- Comply with Crisis management protocol
- Operate without invalidating your Cyber Insurance
- Enact the most appropriate containment strategies
- Communicate internally whilst maintaining confidentiality
- Notify stakeholders & regulators
- Comply with breach-reporting rules
- Handle the pressure an incident creates
LRQA Nettitude’s Computer Emergency Response Team (NCERT) have witnessed, first hand, how a poorly configured untested Incident Response plan can actually exacerbate the impact of a breach. With the right response, you can mitigate the reputational and operational costs of a breach.
A poorly executed response will only add to your reputational and operational costs.
Why Incident Response Testing from LRQA Nettitude?
LRQA Nettitude IR Response Testing exercises are designed to assess your response to both commodity and advanced (targeted) attacks. Advanced threats will often have different indicators, tactics and containment requirements, rather than typical incident response methodologies. LRQA Nettitude’s real-world experience in responding to these more sophisticated attacks allows us to present scenarios that reflect the actual techniques used by advanced threat actors. While fictional, the scenarios used in the exercise are based upon actual events or past experiences. As in actual events there may be “unknowns” and it may be necessary to make some assumptions or inject likely variances. The delivering Incident Response Consultant will facilitate and document findings resulting from the exercise.
At the conclusion of every test you will receive a detailed report covering:
- Exercise objectives.
- Scenario and response synopsis.
- General exercise performance evaluation.
- Issues identified, potential organizational impact, lessons learned, assigned tasks.
- Incident response plan recommendations
LRQA Nettitude’s IR Response Testing is suited for IT and operational security employees, or those responsible for owning and executing the incident response process.
Need help starting your plan? Why not use our IR Maturity Assessment service to assess your readiness first?