Cybersecurity threats come in many varieties – criminals, nation states, malicious insiders, ransomware, phishing, malware… the list goes on and on. But just because there are a lot of moving parts to cybersecurity, it doesn’t mean you can’t be prepared to respond to a data breach or other security incident. If you’ve done your job correctly, you will never ask “now what?” when such an incident occurs, because you’ll already have an incident response (IR) plan in place that prescribes exactly what you need to do.
Cybersecurity IR is different from physical security IR, though. With physical security, the top priority is human safety, and “catch the bad guy” is the second priority, so you gather all your video and other pieces of evidence to help law enforcement find the perpetrator. In cybersecurity, your top priority is mitigating the damage that’s been done, which may include getting the business back up and running. And since the attacker is usually beyond your jurisdiction, it’s rarely a productive use of time to hunt them down, unless it’s an insider.
The good news is that it’s possible to put together a comprehensive and tested plan to effectively respond to cyberattacks. And you don’t have to be a technical person to do this – you can be the facilitator of a cross-functional team that includes technical people (employees or consultants), as well as other relevant executives.