TechGuard Blog

Why you Need an Incident Response Plan

Imagine you are a big hotel chain getting ready to close a large acquisition. You're growing at a rapid pace, and everyone knows your name. Your reputation and name lends itself to professionalism and the trust to deliver a well-designed, modern, clean hotel experience with many desirable amenities. Your hotel is somewhere clients feel safe to bring family and they trust that your business transactions are secure. The next thing you know, the large chain that you recently acquired had a problem with security and now you are wondering how to handle a very large breach that occurred.

Perhaps you've heard of Marriot's Mega-Breach. Physical addresses, birthdates and passport numbers were exposed for up to 327 million people. Some of the information exposed included credit card information. Back in 2016 Marriot purchased Starwood Hotel & Resorts. In 2015, Starwood disclosed that they had an issue with malware but Marriot continued with the acquisition. This story brings to light the importance to recognize what might be at risk during mergers and acquisitions. Clearly Marriot's purchase included a breach and serious cybersecurity concerns. These attacks can result in business closure, cost millions of dollars and/or destroy your company's reputation.

What is an Incident Response Plan?

An Incident Response Plan is an organized approach with step by step guidelines for handling a security incident or breach. The goal is to incur the least impact for regular course of business to the company and to have a fast reaction time when something happens in order to minimize the damage.

Why is it critical for your business?

The fact is, breaches and security incidents are taking place every day. Attackers are becoming more advanced. You'll need to be prepared to act quickly if such an event occurs. You have worked hard to protect your reputation and to build a successful business. Many businesses do not survive these incidents due to a lack of preparation.

According to Ponemon, "77% of businesses lack proper incident response plans as well as sufficient budgets." Overall, companies are stating that they feel cyber resilient but when the plans are looked at in closer detail, they do not seem to be up to par. Half of the respondents stated that they did not have a formal and consistent incident response plan for their business.

The study also revealed that finding an employee with the necessary skills and expertise in incident response is next to impossible and retaining an employee with these skills is even more challenging. Fortunately, you don't need to hire a full-time incident response employee to protect your business. Consult with our Incident Response experts at TechGuard to create your incident response plan and be prepared.

Testing the IR Plan

It's equally important to ensure your Incident Response Plan includes various realistic scenarios. Different types of attacks require different types of responses. Consider if your plan includes third parties. Once plans are developed it's critical to test the plans. Practice table top exercises to understand various team member's roles in the response process. These exercises are a great chance to practice the "what if" scenario. One example of a "what if" situation is to respond as if a company laptop storing private information is lost. Ideally the team members will discuss the scenario and talk through the exercise. The exercise could take anywhere from a few hours to an entire day to execute.

How can TechGuard help?

We will work with you to develop a comprehensive and well-communicated Incident Response Plan that is customized to your individual business needs. We will help you minimize risks, protect your data and maintain organizational control of sensitive information. Your assigned TechGuard Cybersecurity Consultant will ensure your Incident Response Plan contains all the necessary elements and will develop and conduct a realistic security incident table-top scenario to exercise the documented plan.

At TechGuard Security we approach incident response planning by applying the Center for Internet Security (CIS) eight-step framework that addresses every aspect of an Incident Response Plan. This approach allows us to utilize an adaptable framework from which we can develop a customized Incident Response Plan to meet your unique needs. The Incident Response Plan will be presented via a collaborative session enabling all stakeholders to understand their responsibilities in executing the Incident Response Plan as well as giving the opportunity to provide feedback.