Is Ransomware Your Biggest Fear?


Ransomware is bad. Cyber crooks can seize your network, encrypt your files, render your devices useless and demand payment to reverse the damage. As destructive and disruptive as ransomware is, are there other threats that you fear more?

During a recent incident response workshop, some of the attendees shared their risk assessments. Many had identified other threats and attacks with higher risks than ransomware. The risk scores were calculated by multiplying the likelihood of occurrence by the level of impact. Some of the occurrences were not associated with cyber attacks. For instance, one patron noted that loss of power earned a catastrophic level of impact. Another noted that data theft and destruction of data were of high risk.

These examples show why each organization needs to perform its own risk assessment. A template or sample can serve as a guide, but not all institutions are the same. Understanding dangers and associated damages can assist with developing a strong incident response plan.

Planning an incident response program involves dedicating time to identify possible threats, their symptoms and remediation efforts. An assessment of the potential impact of these risks will then assist with understanding how to organize this information into the plan.

Once the program is in place, it should be tested and revised on a regular basis. Your plan should include these steps:

  1. Preparation/planning
  2. Identify
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons learned
  7. Review, Test, Train, Maintain

State the reason for the plan. A well-defined plan will save time and money if it ever needs to be implemented.