Page 38 - Delaware Medical Journal - March/April 2020
P. 38
How to Build a Strong Cyber-Incident Response Plan
Sharon Ruth Sophisticated, widespread,
and costlier than ever, recent
cyber incidents have shown
that corporations require more than a well-secured network and technology infrastructure to respond optimally to
an adverse cyber event. Regardless of
size or industry, businesses need a strong cyber-incident response plan (CIRP) that stakeholders should react to a cyber threat.
Recent studies show the longer it takes to detect, respond, and contain a cyber event, the key lessons from the 2017 data breach at the credit reporting agency Equifax, which, following one of the largest cyberattacks in U.S. history, was paralyzed by indecision and poor response execution. According to cybersecurity experts, Equifax, which lost
a total of $439 million from the data breach incident, had not invested in proper incident
management, did not have an effective CIRP, and lacked any policies and procedures to guide response requirements.
The cyber experts at The Medical Society of Delaware Insurance Services (MSDIS) are using the Equifax case and other similar real- world examples to help clients improve their of a cyber incident. Here are four critical tips to help boost any organization’s CIRP:
DECISION MAKING AND COORDINATION
During a cyber incident, many organizations rely on one or two key people with institutional knowledge to provide guidance and make critical decisions. This approach is a shortfall of incident response plans, leading to response failure if those decision makers are not immediately available.
It is critical to have a full team of individuals with strong institutional knowledge,
making authority, not just top executives
or IT representatives, but also legal, risk management, and physical security, to lead coordination of real-time information sharing and decision making across various business units within the organization.
The CIRP plan should also detail each person’s responsibilities during the event and detail step-by-step procedures to address the cyber incident.
DISCLOSURE AND PUBLIC RELATIONS STRATEGY
A good CIRP should contain a strong incident communication strategy that covers compliance-related issues, media communications, internal
86
Del Med J | March/April 2020 | Vol. 92 | No. 2