Enterprises typically have well-thought-out disaster recovery plans, perhaps even well-rehearsed ones. The human response to natural disasters is predictable and easily imagined because anybody can visualize fire and flood. Not so for cyberattacks, especially by an invisible enemy who has elements of surprise and unpredictability in his favor. Emotions run high with a sense of affront mixed with anger, and those emotions may negatively affect the performance and decision-making capabilities of the defense team.
Following are lessons learned from breach response incidents that can be incorporated into breach planning.
Cyberattack Response Team Composition
The instinctive approach to identifying individuals for a breach response team is to focus on the enterprise’s IT security and infrastructure personnel, with some management involvement for major decision making and communication roles. However, a varied mix of departments, disciplines and responsibilities would appear to bring a range of different objective views to the table. Similarly, a variety of age, gender and social backgrounds provides a better source of inspiration, approaches and valid subjective analysis. Experts can contribute essential advice and activity that is not confined to IT security. PR and communication professionals provide essential action channels and work best when they are engaged at initial planning stages.
Team Size and Agility
There is an analogy between breach response and battlefield conditions. Small units with a flat command structure, who can rapidly come to a decision and execute it swiftly, are more effective in tight situations than an entire army. The need for extremely fast decision making followed by instant action is proven as a prized element in successful breach response scenarios.
The Effect of Human Emotions
Forewarned is forearmed. Briefing members of a breach response team regarding the likely emotional impact of a severe and sustained cyberattack, and freely discussing psychological and physical symptoms, will result in participants being alert to those potential reactions during an attack.
- Disbelief – losing precious time immediately after the attack has been detected. Rapid early realization, decision making, team engagement and action are vital for damage limitation.
- Freezing – a cyberattack is an assault. Assaults affect the psyches of individuals in greatly varying ways. High stress situations cause some to crumble and others to shine.
- Rushing in – humans have a natural tendency to focus on what they can see in front of them. Leaders are expected to take a holistic view and consider a variety of scenarios and risks before authorizing specific actions.
- Exhaustion – both mental and physical, is detrimental to clear and objective decision making. Sustained attacks inevitably result in fatigued and diminished defense capability.
How Do You Prepare?
The best breach response plans are rehearsed, and contain clear lines of responsibility, authority, command and escalation. The single biggest difference between a regular implementation plan and a breach response plan is the difficulty in simulating the human response to a real attack. Scheduled fire drills are relaxed affairs. Breach drills are similar.
- Expect the unexpected – IT security suppliers are capable of staging random simulated cyberattacks. That is certainly a step in the right direction but unlikely to replicate a prolonged and realistic attack scenario simply because of the potential impact on day-to-day business operations. However, the best drilled defense is usually the one that wins through.
Enterprises should expect a cyberattack as a high probability, high impact risk. Incorporating human response into attack scenarios is now a recognized component of quality assurance guidance for breach response planning. The day of the cyborg as the response team lead may be closer than we think.