Best practices in preparing for a cyberattack

In recent blog posts we’ve been closely examining a recent Gartner report, Prepare for and Respond to a Business Disruption After an Aggressive Cyberattack. The report recommends some excellent best practices for the preparation and planning phase, some of which we’ll look at in this post.

Establish a joint working group

Your computer security incident response team (CSIRT) and business continuity teams need to work together to identify gaps in your organization’s response and recovery plans, develop a joint remediation plan, and develop a process for continuous improvement.

Develop a single crisis management team for the organization

A crisis management team composed only of continuity-minded executives will be inadequate to fully address serious business disruptions. You should consider adding CSIRT representatives.

Of particular importance, Gartner advises, both during and after a cyberattack, is how the crisis team manages communications to internal and external stakeholders.

Expand the CSIRT to include business continuity teams

A cyberattack will likely require your organization to respond in ways that are not “business as usual,” especially if IT services are compromised or unavailable. Expanding your CSIRT to include representatives from business recovery and disaster recovery teams will help.

Add a cyberattack scenario to your business impact analysis

“Adding a cyberattack as a scenario in the BIA,” Gartner says, “results in the one thing that most information security professionals don’t know as part of their spheres of responsibility: the impact on business operations due to the incident. The business should document the various life/safety, financial, reputational, regulatory/contractual and operational impacts on its operations if IT services are down due to a cyberattack. This is no different from a power outage or a fire that makes IT services unavailable and adds a much needed expansion of most BCM programs to 21st century operations.”

Review response and recovery plans against best practices

There’s no doubt any more, if there ever was any, that a cyberattack can result in major damage. That’s why it’s increasingly important to establish a world-class response: one that’s integrated, coordinated by BC/DR and your CSIRT staff alike, and based on best practices. Gartner recommends conforming to international and national standards such as:

  • ISO 22320:2011 Societal Security — Emergency management — Requirements for Incident Response
  • ISO 22301:2012 Societal Security — Business Continuity Management Systems — Requirements
  • ISO/IEC 27031:2011 Information Technology — Security Techniques — Guidelines for Information and Communication Technology Readiness for Business Continuity, and others.

Many more best practices are explored in detail in the Gartner report—a free copy of which MIR3 is proud to be able to provide. Download Prepare for and Respond to a Business Disruption After an Aggressive Cyberattack today.