{"id":4040,"date":"2022-11-15T06:34:40","date_gmt":"2022-11-15T06:34:40","guid":{"rendered":"\/cybersecurity-blog\/?p=3088"},"modified":"2022-12-21T06:42:32","modified_gmt":"2022-12-21T06:42:32","slug":"3-reasons-why-you-need-an-incident-response-plan","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/3-reasons-why-you-need-an-incident-response-plan\/","title":{"rendered":"3 Reasons Why You Need an Incident Response Plan"},"content":{"rendered":"\n

Today, cyberattacks are frequent and indiscriminate, striking small businesses and large corporations alike. Research shows that over 60% of organizations worldwide have experienced a cyber security incident at least once, and over 50% of attacks targeted<\/a> SMBs.
<\/p>\n\n\n\n

Dealing with a cyber incident can be costly business. In a recent example, an attack directed at INRS \u2014 a university in Quebec \u2014 put the systems of this Canadian academy completely out of order. The cost of restoring them amounted to almost $270,000. 
<\/p>\n\n\n\n

But despite just how devastating these attacks are, 77% of organizations still lack<\/a> incident response strategies or apply them haphazardly, an IBM Security study shows.
<\/p>\n\n\n\n

Having no clear instructions on what to do during a breach puts security teams in a vulnerable state \u2014 it is unlikely that under stress such teams will perform optimally. And this means mistakes and exacerbated damages. 
<\/p>\n\n\n\n

One of the steps to correcting this is creating a cyber incident response plan.<\/p>\n\n\n\n

What is a cyber incident?<\/h2>\n\n\n\n

But before we jump into the details of creating a plan, let\u2019s first establish a definition to understand what constitutes a cyber incident.
<\/p>\n\n\n\n

NCSC defines<\/a> a cyber incident as a breach of security policy that compromises the integrity of the system or gives unauthorized access to a third party<\/strong>. 
<\/p>\n\n\n\n

There are many cybersecurity threats<\/a> capable of creating a breach. Here are just some, that small and medium businesses have to grapple with: 
<\/p>\n\n\n\n

  1. Malware<\/strong>: malicious programs such as trojans, info stealers, and ransomware<\/li>
  2. Phishing<\/strong>: social engineering attempts to trick employes into revealing login credentials or installing destructive malware<\/li>
  3. Password Hacking<\/strong>: gaining access by cracking weak passwords<\/li>
  4. Insider Threats: <\/strong>confidential information <\/strong>accidentally or purposefully leaked by employes<\/li><\/ol>\n\n\n\n

    Why do you need a cyber incident response plan?<\/h2>\n\n\n\n

    Here are 3 reasons why a cybersecurity incident response plan is crucial for effective defense:
    <\/p>\n\n\n\n

    1. It prepares you to fend off cyber threats<\/strong><\/p>\n\n\n\n

    And reduces the amount of damages incurred during incidents. Without a plan, security teams are forced to wing it every time they deal with a threat. This can leave them scumbling, not knowing where to look and what to search for. The result? Higher recovery costs.
    <\/p>\n\n\n\n

    2. You may be lawfully required to have a cyber response plan<\/strong><\/p>\n\n\n\n

    Depending on the jurisdiction and the type of business, creating a response plan might be a  requirement for you, not a choice. This is especially true for companies that deal with finance or personal data. For example, the California Consumer Privacy Act<\/a> (CCPA) mandates that companies have a cyber incident response strategy. It\u2019s also a must for the ISO 27001 certification.
    <\/p>\n\n\n\n

    3. It makes your defense more resilient in the long run<\/strong><\/p>\n\n\n\n

    With a cyber incident response plan, you will implement a policy of constant evaluation and reiteration. You will learn how to collect data during an incident, then, use the findings to harden your defenses. All of this will help avoid similar incidents going forward. <\/p>\n\n\n\n

    What is a cyber incident response plan?<\/h2>\n\n\n\n

    An incident response plan is a document that provides a systematic approach to handling different cyber threats. 
    <\/p>\n\n\n\n

    At the very least, the plan should outline how to prepare for, detect, contain and eradicate the threat. Then, restore the system to its pre-attack state while also hardening it. Finally, correct the errors that made the incident possible. 
    <\/p>\n\n\n\n

    But a great plan goes beyond just dealing with malware. It should also consider your communication, PR, legal repercussions, and even cybersecurity insurance<\/a>. 
    <\/p>\n\n\n\n