The Importance of a Well-Rounded Cyber Security Incident Response Plan

Lukas Grigas
Cybersecurity Content Writer

Today, cybersecurity is a fact of corporate life. Any organization that wishes to be successful must be proactive in its digital security efforts. However, cybersecurity in general and incident handling in particular still puzzle many organizations. Where should an organization start? What’s a cybersecurity incident? How should organizations approach the management of such incidents? In a recent NordPass-led webinar, “Are you the next victim of a cyberattack? Become bulletproof.”, industry experts Domantas Jankauskas, Business Continuity Manager at Nord Security; Freda Kreitzer, ex-Facebooker and Head of IT at Bolt; and Vilius Benetis, Director at NRD Cyber Security, discussed these topics and more. Here’s a quick recap of the webinar.

What is a cybersecurity incident?

The National Cyber Security Centre (NCSC) defines a cyber incident as a breach of a system's security policy in order to affect its integrity or availability and/or the unauthorized access or attempted access to a system or systems; in line with the Computer Misuse Act (1990).

Put simply, a cyber incident is an event that indicates that an organization's systems or data may be compromised. It is important to note that a cyber incident is not the same as a data breach. Unlike a breach, a cyber security incident doesn’t necessarily mean information is compromised; primarily, it means that information is threatened.

The following types of activity are commonly recognized as typical of a cybersecurity incident:

  1. Attempts to gain unauthorized access to a system and/or to data.
  2. The unauthorized use of systems for the processing or storing of data.
  3. Changes to a system's firmware, software, or hardware without the system owner's consent.
  4. Malicious disruption and/or denial of service.

Given the increase in the number of cyber attacks and their ever-increasing sophistication, being prepared is crucial. Organizations need not only to prioritize investing in cyber security solutions to mitigate possible risk, but also to craft company-specific response plans that keep the organization resilient to high-risk attacks.

What are the differences between minor and major incidents?

Minor incidents are usually less severe in nature than major incidents. In most instances, such incidents don’t pose an existential threat to the affected organization. However, minor incidents can often stay under the radar, and this is where the situation can get out of hand. Minor incidents can easily snowball into something much more severe – a major incident. Often a minor security incident indicates that there are issues to be attended to at the very core of the organizational security infrastructure.

Consider major incidents the polar opposite of minor ones. Such disturbances are urgent and almost always have an immediate negative effect on organizational operations. Take, for instance, a ransomware attack, which is more than capable of shutting down any organization in a matter of hours. For the most part, major incidents require a firm pre-planned response. This is why any modern-day organization should have a well-rounded response plan in case of a cybersecurity emergency.

  • Having an incident response plan in place is super important. No company should be arrogant and think they are exempt. Most attacks are external and not necessarily internally based.

    Freda Kreitzer, ex-Facebooker and Head of IT at Bolt

Are some industries more vulnerable than others when it comes to cyber crime?

  • We should understand that it's a zero-trust environment across the entire landscape. Everyone’s at risk for attack. Of course, there are vectors and companies that are more at risk, for example, financial or government institutions. But every company and every organization is at risk.

    Freda Kreitzer, ex-Facebooker and Head of IT at Bolt

What do you need to start incident handling as a process?

  • Try to be as proactive as you can be as a company. That involves training, presentations, and documentation. For some companies, writing over talking works way better, especially when in a remote environment. When companies also scale quickly, everything has to be written down and referenced.

    Freda Kreitzer, ex-Facebooker and Head of IT at Bolt

Here are the key elements to help you start cyber incident management as a process.

  • Documentation

    Documentation should be a starting point for any organization working out their response plan. Documentation should include the definition of what a cyber incident is, provide guidelines for reporting the incident, and define the roles of the key stakeholders.

  • Awareness

    Cybersecurity training is a must in this day and age. Invest time and resources to train and educate employees on the best cybersecurity practices. Doing so will not only help with risk mitigation but will prove incredibly useful in a potential emergency.

  • Widely accessible tools for protection and analysis

    Invest in cybersecurity tools to have adequate protection in place at all times. Unfortunately, even the best tools can’t guarantee absolute security. Therefore, analysis tools are critical. If a security incident occurs, such tools will prove beneficial in analyzing the core issues that could use improvement.

Why is data collection important and how does it further investigation efforts?

  • What’s the point of data collection? To reduce the negative impact of incidents towards business operations.

    Vilius Benetis, Director at NRD Cyber Security

  • Why investigate and be transparent? Well, you become a better company. It makes you a stronger company as others may notice the gaps and help you out with advice for the future based on their experiences.

    If you continue to have the same incident even if it’s a small one, you may not have the company anymore.

    Freda Kreitzer, ex-Facebooker and Head of IT at Bolt

Data collection and analysis after a security incident is essential. Here’s why:

  • It aids in creating process catalogs.
  • It helps in crafting control mechanisms.
  • It helps in identifying weaknesses and root causes and improving your overall security posture.
  • It helps to develop business continuity plans or crisis management plans.

Get webinar recording now and start becoming bulletproof

Cybercriminal activity is on the rise and is only expected to increase. After all, today, it is the most lucrative criminal activity. The cost of breaches and other cyber attacks has also consistently risen over the last few years. Organizations must accept the reality that things will go wrong. But when they do, the impact can be minimized with the help of well-crafted response plans. Fail to prepare and be ready to face devastating consequences. Listen to the recordings of our full webinar and get expert insights on how you can start crafting your incident response plan today.
