In the immediate aftermath of discovering a cybersecurity incident, companies often face many questions and few answers amidst a frenzy of activity. What happened? What should we do now? What legal risks does the company face, and how should it protect against them? In this fast-paced environment, it can be difficult to coordinate activity across the incident response. Well-intentioned actions by incident responders can easily expose the company to liability, regulator scrutiny, or a waiver of applicable legal privileges.
Instead of waiting to make critical incident response decisions in the “fog of war” that often follows the detection of a cybersecurity incident, organizations should think about how to respond before an incident actually occurs. Responding to a cyberattack can involve a wide variety of stakeholders, such as IT and information security personnel, forensic analysts and investigators, legal counsel, communications advisors, and others. Advance planning, including the development and execution of an incident response plan, allows a company to coordinate activities across a diverse array of incident response work streams and to test that coordination. Below, this post describes some key steps companies can take to respond to a cybersecurity incident in a swift, efficient, and effective manner.