teissTalk: Maximising the effectiveness of your incident response plan

teissTalk host Jenny Radcliffe was joined by Roland Cloutier, Global CSO, TikTok; Lee M. Howard, Associate Director of Cyber Security, Grant Thornton UK LLP; Joe Hancock, Partner (non-lawyer) & Head of MDR Cyber, Mishcon de Reya LLP; and Tim Erridge, Vice President, Services, EMEA, Palo Alto Networks

 

Views on news

 

People should be at the centre of organizations’ incident response programs, according to two Proofpoint speakers during a session at the RSA Conference 2022. The  NIST 800-61 incident response framework can be used to help build an incident response program “in a people-centric way,” said Reed.

 

He also advised classifying these individuals into three categories: careless users, compromised users and malicious users. An important aspect of a human-centric incident response programme is to establish who your high-risk users are, what data you’re worried about and how it may be at risk. Humans will certainly remain key to incident response as until a comprehensive, end-to-end tool emerges, their expertise will be critical to navigating a combination of different tools.

 

Tabletops and real incidents

 

While earlier incident response was a concern of technologists (IT and security professionals), today you have to involve privacy experts, customer support, third parties etc. too. While incident response teams send out updates regarding what’s actually happening, other teams involved in the response need to have the muscle memory to remember what they need to do once the information has reached them.

 

Communication channels are especially of huge importance as threat actors often aim to strangle the communication network to ensure chaos. The stress aspect of incident response is often glossed over as it doesn’t come out during simulations but only while the real thing is happening.

 

Frameworks provide an excellent opportunity to train and learn. One of the biggest challenges right now is skills shortage, which is why automation is key to liberating talent from laborious and mundane tasks.

 

Strategic intelligence, i.e., detailed information on cyber attacks from organisations that have suffered one, can play a key role in preparing the business for a future breach in a tabletop exercise. You need to “sell” these exercises to other business units by pointing out how they can benefit from them.