Planning your response to a security incident before it happens

Highlights
  • Keep incident response rehearsals “real” to engage your senior leadership team and non-technical stakeholders.
  • Incident response plans need to be kept current, including new workflows, responsibilities, technologies and vendors.
  • Red teaming is an effective way to help identify and rectify weaknesses and omissions in your plan. 

76% of Australian companies have an incident response plan in place – but in today’s digital economy, just having a plan isn’t enough.

It’s clear from our findings in the Telstra Security Report 2018 that Australian organisations realise that security risk is one of the core business risks they need to manage. 

In the age of the General Data Protection Regulation (GDPR) and Australia’s mandatory data breach legislation, businesses cannot afford to assume that they won’t be attacked, or that they won’t suffer a breach.

Today, our potential attack surface is too large, the possible financial rewards for cyber criminals are too lucrative, and the fiscal and reputational damages of a successful breach are too great to ignore.

"76% of Australian organisations have an incident response plan in place."

- Telstra Security Report 2018

While the Telstra Security Report 2018 found that 76% of respondents had an incident response plan in place, we anticipate this will rise as organisations of all sizes start asking the tough questions, such as: How would we react to a ransomware attack? How would we quarantine, investigate and eradicate the spread of malware once detected? What does our workflow to notify customers after a data breach look like?

While the increasing number of organisations with an incident response plan is encouraging, the effectiveness of those plans is an ongoing concern.

One of today’s key security challenges is the rapid pace of change, which makes it imperative to keep your incident response plan up to date, just like your security team’s skills. New technologies, business practices, data sources and potential threats all need to be integrated regularly, or your plan will lose its relevance, making it less likely to be effective when it’s needed most.

To maximise the probability of your plan being adhered to in the confusion that often follows a detected data breach, it needs to be up to date and relevant, have buy-in across the company, and be tested regularly so everyone knows what to expect.

80% of Australian respondents with an incident response plan indicated that they tested their plan at least quarterly, although the form of testing varies significantly – from document reviews through to tabletop exercises and full-blown simulations.

While some rehearsals can be effectively accomplished with just the security team, including key stakeholders from other parts of your business will greatly increase the likelihood of your incident response plan being followed on the day of a real incident. 

This is especially important for your C-suite leaders and executives. Their time can be difficult to obtain, but senior leadership familiarity with the process can dramatically improve your effective response time. Of course, it’s not just a matter of time and resources. Although leaders recognise the importance of managing their security risk, those without a technology background may not feel engaged when asked to think about its practical implications.

One of the most effective ways to engage senior management is to “keep it real” and ensure the security response is presented within your business context. Take a challenging time from your organisation’s past - such as a prolonged power outage or a time your business was stretched over capacity from demand - and rework it into a security incident.

This not only lets you explore how the existing known weaknesses in your organisation could cope with an incident, but also helps create a connection between security principles and key business risk.

In addition to providing valuable experience, incident response rehearsals provide a critical opportunity to identify your weaknesses and encounter unforeseen issues. Red teaming, whether it’s provided by your own team, or an external partner, can help you identify and rectify a plan’s weaknesses and omissions.

Learning from past incidents is one of the key tenets of effective incident response. However, especially amidst today’s cyber security skills shortage, it can be difficult to justify the cost of maintaining forensic investigation skills in-house.

When you’re putting your plan together, consider your internal security expertise, and whether you need an experienced third-party security team to assist you with crafting your plan and testing it – or even an ongoing partner to supplement your forensic investigation capabilities.

Find out more about our Incident Response solution, which gives you priority access to Telstra’s highly-skilled and experienced Computer Emergency Response Team.
