What Is a Cyber Incident Response Program and Do I REALLY Need One?

Updated: Apr 13




But before we get to it, what’s new in cybersecurity this week?


  • The phone numbers and personal data of more than 500 million Facebook users have been posted online for free by a low-level hacker. Facebook acknowledged the news in an emailed statement Saturday afternoon, but said the data was obtained during a breach in 2019.

  • Three security vulnerabilities in the popular Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon. The FBI and the Cybersecurity and Infrastructure Security Agency are warning that nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products.

  • Attackers are impersonating the stock-trading broker Robinhood, using fake websites to steal credentials as well as sending emails with malicious tax files. Robinhood, which aims to make it easy for people to trade stocks online but has faced a number of regulatory and legal challenges along the way, sent an email to customers Thursday warning of a phishing scam “that may have reached some of our customers.”


And now to our main topic for this week.



What Is a Cyber Incident Response Program and Do I REALLY Need One?


It typically starts like this:


You’re preparing to leave the office on a cool Tuesday afternoon when your desk phone beeps. It’s your IT guy. You can hear the worry laced in his voice from the moment he coughs. He has been locked out of the system and is wondering whether you authorized the move and terminated his appointment.


You tell him no - surprised - and hear him punch frantically at his keyboard as you hold. Your accountant knocks quietly and enters your office. She tells you she can’t access the financial records on the company’s server due to a password reset.


Murmurs from the workplace begin to filter into your office. Disjointed, unintelligible words swarming in at first, till you piece them together.



‘Can’t access the client’s order records’

‘Can’t log in.’

‘What’s going on?’


“Well, that’s what I intend to find out,” you mutter to yourself.


Your IT guy tells you to come and see something for yourself. You wander through a bewildered hall into the IT office. He brings you up to speed with the dreadful news.


Your servers have been hit by ransomware - a troublesome one too, the kind that encrypts each file with a unique key. While pondering how this happened in the first place, you see a message on the screen directing you to make payments in Bitcoin to a wallet or risk having your data published on the net, not to mention never being able to access it again.


This is but a cautionary tale of how things could go awry in a matter of minutes.

At that moment, what actions do you take? What about the rest of your team?


Business data is one of the most valuable assets in today’s digitized world. But not enough attention is being paid to protecting it and planning how to respond to a cyber incident.


Last year alone, over 6,000 businesses globally suffered a data breach, with 7.9 billion records compromised and over $23 billion lost.


The fascinating thing about data breaches is that it is not a matter of whether one is going to happen. It’s simply a matter of when. No matter how well you prepare your business for data protection, hackers are constantly motivated to outdo themselves and access the 'crown jewels', whether that's Personally Identifiable Information (PII), Protected Health Information (PHI), trade secrets, or something else. It's a business, and it pays very well.

Staying on top of the situation when the threat materializes and knowing exactly what to do is often the difference between an incident and a disaster. That's precisely what a Cyber Incident Response Program is for.


What Is a Cyber Incident Response Program?


A Cyber Incident Response Program is a combination of a proactive risk management strategy, training and preparation, and actual controls aimed at helping the organization to respond to a cyber attack as efficiently as possible - on all levels, be it executive, IT, legal, HR, external partners, or even public relations.


Arguably, the key component of a decent Cyber Incident Response Program is a Cyber Incident Response Plan (or IR plan) - a specialized set of procedures or instructions to aid the business in detecting, responding to, and bouncing back from cyber attacks.


Even a basic IR plan centered around specific attack scenarios such as ransomware, DDoS, phishing, or even insider threats, can make a huge difference when the crisis strikes.


A more comprehensive cyber IR plan would also include incident identification guidelines, detailed roles and responsibilities of each Cyber Incident Response Team (CIRT) member, escalation procedures, fulfillment of specific regulatory obligations (as required by regulatory and compliance bodies such as PCI DSS, SOX, HIPAA, FFIEC, and more), Do's and Don'ts for every step of the process, report templates, useful tools, and much more.


Do You Really Need a Cyber Incident Response Program for Your Business?


The role of Incident Response planning in businesses cannot be downplayed. It is key that every business, small or large, has an effective incident response plan in place. Why?


  • Regulatory bodies obligate you to. Governmental and compliance agencies want your business to reduce risks resulting from a cyber attack. Thus, they require you to have a highly comprehensive cyber incident response plan in place for implementation. For instance, the Payment Card Industry Data Security Standard (PCI DSS) Requirement 12.10 tasks businesses with ‘implementing an incident response plan’ to be sufficiently prepared to respond to a key system breach.

  • The impact of a breach will rise without it. Without a cyber incident response plan to put into action in the event of a breach, your business might suffer an irreparable loss (especially if the business is relatively small). A comprehensive IR plan helps you not only to avoid a breach, but also to reduce the damage if it does occur.

  • Your shareholders and customers want to feel safe. Data breaches aren’t a pretty sight, especially if sensitive personal or financial information is now in the wrong hands, used for fraud, impersonation, and identity theft. Your business partners, shareholders, customers, and vendors want to feel safe. Thus, if they’re aware that your business has an actionable IR plan, loyalty comes naturally.


Having an effective cyber incident response program distinguishes your business from the many others that suffer data breaches every year. Reach out to us to talk solutions.

