Secure your business

Planning your response to a security incident before it happens

  • Keep incident response rehearsals “real” to engage your senior leadership team and non-technical stakeholders.
  • Incident response plans need to be kept current, including new workflows, responsibilities, technologies and vendors.
  • Red teaming is an effective way to help identify and rectify weaknesses and omissions in your plan. 

76% of Australian companies have an incident response plan in place – but in today’s digital economy, just having a plan isn’t enough.

It’s clear from our findings in the Telstra Security Report 2018 that Australian organisations realise that security risk is one of the core business risks they need to manage. 

Timely Incident Response - Planning your response to a security incident

In the age of the General Data Protection Regulation (GDPR) and Australia’s mandatory data breach legislation, businesses cannot afford to assume that they won’t be attacked, or that they won’t suffer a breach.

Today, our potential attack surface is too large, the possible financial reward for cyber criminals are too lucrative and the fiscal and the reputational damages of a successful breach are too great to ignore. 

"76% of Australian organisations have an incident response plan in place."

- Telstra Security Report 2018

While the Telstra Security Report 2018 found that 76% of respondents had an incident response plan in place, we anticipate this will rise as organisations of all sizes start asking
the tough questions; such as: How would we react to a ransomware attack? How would we quarantine, investigate and eradicate the spread of malware once detected? What does our workflow to notify customers after a data breach look like?

While the increasing number of organisations with an incident response plan is encouraging, the effectiveness of those plans is an ongoing concern.

One of today’s key security challenges is the rapid pace of change, which makes it imperative to keep your incident response plan up to date, just like your security team’s skills. New technologies, business practices, data sources and potential threats all need to be integrated regularly, or your plan will lose its relevance, making it less likely to be effective when it’s needed most.

To maximise the probability of your plan being adhered to in the confusion that often follows a detected data breach, it needs to be up to date and relevant, to have buy-in across the company and it needs to be tested regularly so everyone knows what to expect.

80% of Australian respondents with an incident response plan indicated that they tested their plan at least quarterly, although the form of testing varies significantly – from document reviews through to tabletop exercises and full-blown simulations.

While some rehearsals can be effectively accomplished with just the security team, including key stakeholders from other parts of your business will greatly increase the likelihood of your incident response plan being followed on the day of a real incident. 

A sitting man working on a laptop whilst on the phone

This is especially important for your C-suite leaders and executives, whose time can be difficult to obtain, but senior leadership familiarity with the process can dramatically increase your effective response time. Of course, it’s not just a matter of time and resources. Although leaders recognise the importance of managing their security risk, those without a technology background may not feel engaged when asked to think about its practical implications.

One of the most effective ways to engage senior management is to “keep it real” and ensure the security response is presented within your business context. Take a challenging time from your organisation’s past - such as a prolonged power outage or a time your business was stretched over capacity from demand - and rework it into a security incident.

This gives you the ability to not only explore how the existing known weaknesses in your organisation could cope with an incident, but also helps create a connection between security principles and key business risk.

In addition to providing valuable experience, incident response rehearsals provide a critical opportunity to identify your weaknesses and encounter unforeseen issues. Red teaming, whether it’s provided by your own team, or an external partner, can help you identify and rectify a plan’s weaknesses and omissions.

Learning from past incidents is one of the key tenets of effective incidence response, however, especially amidst today’s cyber security skills shortage, it can be difficult to justify the cost of maintaining forensic investigation skills in-house.

When you’re putting your plan together, consider your internal security expertise, and if you need an experienced third party security team to assist you with crafting your plan, testing it – or even an ongoing partner to supplement your forensic investigation capabilities.

Find out more about our Incident Response solution, which gives you priority access to Telstra’s highly-skilled and experienced Computer Emergency Response Team.

Find out more

Related News

How to prepare your network for the world of tomorrow
Reach global markets
Reach global markets
How to prepare your network for the world of tomorrow

We investigate the technologies you need to prepare your global network for a disruptive decade. We’re on the cusp of a global data explosion. In its Essential Guide to Network...

2018's top technology trends
Create transformative innovation
Create transformative innovation
2018's top technology trends

From the introduction of 5G and GDPR to the mainstream embrace of multi-cloud environments, we take a look at 2018’s biggest technology trends. 1.     Building Australia’s firs...

Next-gen collaboration: How to work with AI
Liberate your workforce
Liberate your workforce
Next-gen collaboration: How to work with AI

We take a look at how Australian businesses are using AI as the next step on their digital transformation journeys to enhance collaboration and productivity. Australian busines...

VicRoads Camera
Optimise your IT
Optimise your IT
VicRoads digital transformation in the cloud and beyond

How VicRoads managed its cloud migration, improving data compliance and streamlining its digital operations. Last year, VicRoads embarked on an ambitious project to revolution...