What ails cybersecurity strategies?

by CXOtoday News Desk    Dec 03, 2013


Cybercriminals are everywhere, targeting organizations of all sizes and across industry sectors. Recent analyst and media reports make clear that attacks are becoming increasingly sophisticated and more frequent, and their consequences more dire. In such a situation, having an incident-response (IR) plan becomes essential. However, to say that companies, especially large enterprises, do not have an IR plan in place would be wrong. In fact, bigger companies often invest serious time, money, and effort in these plans. But a recent McKinsey report found that most organizations don’t truly operationalize their IR plans.

What ails an IR plan?

The researchers state that many of these plans are ineffective due to poor design or implementation, or both. Some of the major drawbacks of these plans include:

Firstly, the documentation is neither up to date nor specific, which makes it difficult for companies to deal with specific activities during a crisis. McKinsey researchers point out that, by contrast, most attacks are extremely targeted and need prompt action.

Secondly, in global organizations, the plans are not integrated across business units but kept in silos. This is not effective for managing an incident across the whole business and also inhibits the sharing of relevant knowledge and best practices.

Thirdly, decision making in a response scenario is often left to one or two key people in the organization. In most cases, this may result in a single point of failure, as the one or two people may not have the capacity to identify and manage all the moving parts of a complex breach scenario.

However, the analysts believe that these shortfalls can be addressed by an effective IR plan based on a framework for risk identification, decision making, and escalation paths across the whole business.

According to McKinsey researchers, it is important for companies to decide on the components of an incident-response plan. An IR plan usually has six major parts, namely an incident taxonomy, a data classification framework, a performance objective for responding to a loss of customer data, the right tools and, most importantly, a clearly defined objective. However, researchers believe the key lies in effectively implementing the IR program to ensure success.

Ensuring a successful IR program

The McKinsey report notes that businesses must take a four-pronged approach to building an incident response program. These include:

Understanding the environment: According to researchers, once a basic understanding of the environment is achieved, organizations should assess the effectiveness of previous response efforts. For each previous incident, they should identify any problems that arose with the response, diagnose potential causes for failure, and create an exhaustive list of potential failure modes.

Identify the most critical information assets: Organizations need to identify the information assets most critical to business operations as a basis for developing the data-specific actions to be taken. For each asset, there should be a clear analysis of the cyber risks involved, the business impact if the asset is compromised, and the response required.

Enterprises should involve people: While designing an IR plan, companies should involve the people who will own and maintain the IR documentation. Once the team creates the overall outline and specific structure of the IR documents, it should share the draft work with the security team. This not only solicits valuable feedback from an eventual end user but also generates excitement for the tool.

Integrate planning into business processes: This is the final step to the success of your IR plan. Having a robust incident-response plan on paper is critical, but all too often organizations overlook the fact that developing a real IR capability requires moving the plan from a static document to being embedded in the fabric of the organization. For this, McKinsey researchers note that companies should invest a lot in developing regular training and practice.

In conclusion, an effective IR plan can lead to improved decision making, enhanced internal and external coordination, and clearly established roles and responsibilities across the organization. Most importantly, a strong response plan ensures that minor events do not escalate into major incidents and reduces incidents of threats.