
Planning your response to a security incident before it happens

Highlights
  • Keep incident response rehearsals “real” to engage your senior leadership team and non-technical stakeholders.
  • Incident response plans need to be kept current, including new workflows, responsibilities, technologies and vendors.
  • Red teaming is an effective way to help identify and rectify weaknesses and omissions in your plan. 

76% of Australian companies have an incident response plan in place – but in today’s digital economy, just having a plan isn’t enough.

It’s clear from our findings in the Telstra Security Report 2018 that Australian organisations realise that security risk is one of the core business risks they need to manage. 


In the age of the General Data Protection Regulation (GDPR) and Australia’s mandatory data breach legislation, businesses cannot afford to assume that they won’t be attacked, or that they won’t suffer a breach.

Today, our potential attack surface is too large, the possible financial rewards for cyber criminals are too lucrative and the fiscal and reputational damage of a successful breach is too great to ignore.

"76% of Australian organisations have an incident response plan in place."

- Telstra Security Report 2018

While the Telstra Security Report 2018 found that 76% of respondents had an incident response plan in place, we anticipate this will rise as organisations of all sizes start asking the tough questions, such as: How would we react to a ransomware attack? How would we quarantine, investigate and eradicate the spread of malware once detected? What does our workflow to notify customers after a data breach look like?

While the increasing number of organisations with an incident response plan is encouraging, the effectiveness of those plans is an ongoing concern.

One of today’s key security challenges is the rapid pace of change, which makes it imperative to keep your incident response plan up to date, just like your security team’s skills. New technologies, business practices, data sources and potential threats all need to be integrated regularly, or your plan will lose its relevance, making it less likely to be effective when it’s needed most.

To maximise the probability of your plan being adhered to in the confusion that often follows a detected data breach, it needs to be up to date and relevant, have buy-in across the company and be tested regularly so everyone knows what to expect.

80% of Australian respondents with an incident response plan indicated that they tested their plan at least quarterly, although the form of testing varies significantly – from document reviews through to tabletop exercises and full-blown simulations.

While some rehearsals can be effectively accomplished with just the security team, including key stakeholders from other parts of your business will greatly increase the likelihood of your incident response plan being followed on the day of a real incident. 


This is especially important for your C-suite leaders and executives. Their time can be difficult to obtain, but senior leadership familiarity with the process can dramatically improve your effective response time. Of course, it’s not just a matter of time and resources. Although leaders recognise the importance of managing their security risk, those without a technology background may not feel engaged when asked to think about its practical implications.

One of the most effective ways to engage senior management is to “keep it real” and ensure the security response is presented within your business context. Take a challenging time from your organisation’s past - such as a prolonged power outage or a time your business was stretched over capacity from demand - and rework it into a security incident.

This gives you the ability to not only explore how the existing known weaknesses in your organisation could cope with an incident, but also helps create a connection between security principles and key business risk.

In addition to providing valuable experience, incident response rehearsals provide a critical opportunity to identify your weaknesses and encounter unforeseen issues. Red teaming, whether it’s provided by your own team, or an external partner, can help you identify and rectify a plan’s weaknesses and omissions.

Learning from past incidents is one of the key tenets of effective incident response. However, especially amidst today’s cyber security skills shortage, it can be difficult to justify the cost of maintaining forensic investigation skills in-house.

When you’re putting your plan together, consider your internal security expertise, and whether you need an experienced third-party security team to assist you with crafting your plan and testing it, or even an ongoing partner to supplement your forensic investigation capabilities.

Find out more about our Incident Response solution, which gives you priority access to Telstra’s highly-skilled and experienced Computer Emergency Response Team.
