How to effectively detect, respond to and resolve cyber incidents
It is essential that you prepare for an incident and practise the response. The response may range from something as simple as rebuilding a few devices and restoring the latest backup right through to a major systems investigation.
Cyber incident response is not just an IT issue; it is a combined response of:
- People with the correct knowledge and skills
- The correct incident response processes
- Appropriate and timely communication
- Backup equipment and data
The level of complexity and the nature of any incident will determine how simple or complex the response needs to be. Running through the most likely scenarios is helpful in testing a planned response and building resilience.
A cyber security playbook can be developed to provide all members of an organisation with a clear understanding of their roles and responsibilities regarding cyber security – before, during and after a security incident. Playbooks can be developed for the common incident scenarios that might be encountered.
The National Cyber Security Centre (NCSC) has a step-by-step guide to developing your cyber incident plan with the following steps and more:
- Triage
- Categorise the incident and escalate if required
- Analyse
- Contain/mitigate
- Remediate/eradicate
- Recover
- Learn
- Practise
Take time to look at these and get prepared.