Time matters when it comes to breach containment. As my colleagues have discussed previously, there is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result. One of the ways to improve your reaction time is through cybersecurity drills.
I recently took part in an interview with Sue Poremba, a security and tech writer at iMeet Central, on "Why you should hold regular cybersecurity drills." As I note in the article, being prepared includes having in place tools and operations to remain resilient: to isolate the threat, remediate it, and execute your crisis management plan.
Most organizations rely solely on the IT department to manage data breach response. Many also lack an internal response plan to deal with even small breaches. For organizations that do create a response plan, the next clear step is testing. You do this with regular cybersecurity drills. Working through various drill exercises—like role-playing, planned exercises, spot checks, and teamwork—you can become familiar with different threat scenarios. Through testing and repetition, you can evaluate your team's response and learn from mistakes.
An effective drill team will include IT and security professionals, communications and legal professionals, and involvement from leadership teams. Although cybersecurity drills are effective for breach response, security drills can also be effective. As part of cybersecurity training, educate employees about phishing scams, ransomware, and appropriate reporting of cybersecurity incidents. Proactive organizations are also extending cybersecurity drills to include business partners and third-party organizations. Ensure that these drills become as commonplace as fire or other emergency response drills.
Aside from drills, you should also have crisis communications plans in place for media, customers, partners, and shareholders to enable a fast, efficient response. This includes creating draft email communications, press releases, and landing pages to explain what happened, how your company is addressing it, and what customers should do in the meantime.