Page 20 - The IT Guidebook
WHAT IS AN INCIDENT RESPONSE PLAN?
In the image below, the “BOOM!” represents the incident itself. It could be any type of
cyber incident, including the one we just described, but it could also be a natural disaster
like a hurricane or flood, a terrorist attack, a sudden death or absence of key personnel,
or any incident that severely impacts your operations. For purposes of THIS article, we
are focusing on cyber incidents such as account compromise, data breach, ransomware,
and extortion. A company that does not already have a cybersecurity incident response
plan (IRP) should strongly consider engaging a consulting firm that has the expertise
to develop a detailed plan. A consulting company will ensure that there are no critical
omissions that could cause the plan to fail during a real, live incident. It is always better to
plan and be prepared. Remember, if you are locked out of your system, make sure you can
still access your IRP, which should be stored out-of-band and accessible during an incident
response.
INCIDENT RESPONSE PLANNING
IMAGINE THIS:
You’re the Executive Director of a $5 million nonprofit organization. It’s 6:30
AM on Monday morning and, even though you wish you were still sleeping, you
are logging into your email to follow up with some donors. You get a login error
message: wrong password. You’re still waking up; you probably typed it wrong. You take
a sip of coffee and type in your password again. Wrong again. Another sip, another try.
OK: now you are SURE you are using the right password. You pick up your phone and as
soon as you unlock it you see that you have a bunch of unread text messages. Your phone
starts ringing - it’s your trusted and incredibly competent office manager, calling with some
bad news: no one can log in and it appears you are under attack. Hackers apparently want
a specific sum of money to unlock your email accounts. This is a nightmare, though you
are surely awake.
Your brain starts working and you ask if you can “just call Google and have them reset our
accounts or something,” but there’s more bad news: the hackers reveal they have personal
information of all your donors and will leak it on the dark web if payment is not made. As
the Executive Director, you are being asked: “What’s the plan?”
Was your plan that this wouldn’t happen to your organization?

Please note that the items listed left of boom are not meant to be a comprehensive list of
protections - there could reasonably be dozens of items listed there - we are just listing a
few of the major ones.