Dress Rehearsal for Disaster: Why Your Business Needs an Incident Response Strategy

The Phantom of the Opera is the longest-running show on Broadway with over 13,000 performances and a 35-year tenure performing to packed houses. From its initial run in London back in 1986 before launching on Broadway in 1988, the show has delivered a consistently high-quality experience for thrilled audiences worldwide.

During the tenure of the production, it has been performed in multiple languages, by thousands of cast members. Still, the popularity and success have remained and that is down to having a very clear plan to follow. In theatre parlance, this will be a script that provides the lyrics and production guidelines to ensure that despite the variables of cast and location, the quality of the operation and performance remains high quality.

Planning and rehearsing are vital in all aspects of life to ensure success and if we apply the same logic to preparation for a cyber attack, organizations can be found wanting. If the exam question is, “What would you do in the event of a cyber-attack?”, you will often be met with a blank stare. This is not down to ignorance but predominantly because thankfully, there are still organizations yet to experience the disruption caused by a cyber attack.

Cyber attacks can cause immense disruption to business operations. According to Statista, the average downtime from a Ransomware attack in the US was 24 days. Naturally, being down for 24 days can cause a huge impact and possibly put an organization out of business but with the heavy reliance on information technology, even an hour of disruption can impact customers, employees and shareholders.

One of the biggest challenges and an important consideration when dealing with a cyber attack is determining who is in charge of the response. With a Broadway show, the overall responsibility lies with the Director to ensure everyone is on point in following the script to ensure a perfect show. That Director will have years of experience and there will have been a lengthy recruitment process to allow the backers of the show to make an informed decision, and ultimately the right selection. The Director may get it wrong occasionally and the show may not run as well on certain occasions but that is ultimately recoverable and will rarely impact sales. However, in the event of a cyber attack on an organization, having the right person or organization in charge of the response is even more critical as getting it wrong can mean that the business is no longer viable.

Even if you have never experienced a cyber attack it is important to be prepared to ensure the minimum of disruption and an efficient response. In the same way that we have home security cameras and alarms even though we may never have been burgled, preparation is key. Having the right person or partner to be in charge of the response is imperative and a key part of preparation. It cannot be understated in terms of the panic and chaos that a cyber attack can cause. A cyber attack can include the following events within your organization:

• Endpoints encrypted
• Vital Customer applications down
• Lack of understanding of what has happened
• Backup impacted
• Share price impacted
• Customer satisfaction impacted

In some organizations, the IT and Security teams are large enough and fortunate enough to have the requisite skills and plan in-house to create, rehearse, and follow an Incident Readiness and Response Plan. For many others, there are not the resources internally with the necessary experience to be a “safe pair of hands”.

When bringing in a third-party provider, some good questions to ask are:

• Are they experienced in cybersecurity and remediating cyber attacks?
• Do they have a global presence so that they can provide 24×7 responses?
• Do they have experience across IT infrastructure to help remediate the issues that a cyber attack can cause on networks and endpoints?
• Will they commit to a response within a certain timeframe?

By running through a process where you can make an informed decision and select the right person or individual for Incident Management, you can reduce the panic and distress that an incident will cause. You will not have to overspend and rush contracts through without the necessary diligence because of the urgency of the situation. It can provide an enormous level of comfort knowing that there is a trusted, experienced team on contract and working on your behalf to restore business operations in the worst-case scenario of a cyber attack.

At Thrive, our Incident Response Retainer helps ensure your organization is prepared, should a cybersecurity incident arise. Our team of experts is here to support your organization before, during, and after a disaster. Throughout our partnership, our designated experts will provide feedback and help deploy a tailored Incident Response Plan (IRP), regularly testing and optimizing your IRP. Should a cybersecurity incident arise, Thrive will immediately be in contact with your team to diagnose the incident and determine the next steps. Together, you can feel empowered about your IRP and ensure the safety of your organization’s sensitive data.

Whether it’s a Broadway show or being able to respond to an incident, ultimately preparation and the right person in charge will determine whether it’s a roaring success or a critical failure!

Contact Thrive today to learn more about how Incident Response and Remediation can help your organization minimize a disaster.