16 Tech Leaders’ Tips For Developing And Maintaining A Robust Incident Response Plan

Expert Panel® | Forbes.com »

Whether a business uses technology to manage operations, builds tech tools for other businesses or consumers, or both, it faces the risk of a cybersecurity breach on a daily basis. A successful hack can potentially expose a company’s sensitive data, damage its reputation or even shut down its operations altogether. A top priority for any company working with technology and data must be a robust incident response plan.

Even with an established IR foundation, it’s essential for a tech leader to keep up with the latest threats, trends and best practices to ensure their organization’s IR strategy remains as tight as possible. Below, 16 members of Forbes Technology Council share their tips to help fellow tech leaders develop and continually improve their incident response plans.

1. Take A ‘When,’ Not ‘If,’ Approach

Tech leaders should take the view that they’re working to build a plan for “when,” not “if,” hackers attack. The IR strategy should include a playbook to follow in case of incidents, threat and incident detection tools, tabletop exercises, risk analysis, and cyber insurance. – Kashish Mittal, Emigre

2. Leverage Advanced Analytics And Tools To Expose Attacks Earlier

We must improve our threat detection and incident response capabilities by leveraging more advanced analytics, machine learning and artificial intelligence to assist security teams with exposing hidden attack campaigns earlier in the kill chain and arming them with context to accelerate responses and remediation. – Saryu Nayyar, Gurucul

3. Lean On Documentation, Education And Testing

Documentation and education win the day here. If you have a well-documented incident response strategy and everyone is on the same page as to their specific roles and responsibilities, all should go smoothly in the event the strategy is needed. Lastly, random testing of your well-documented plan is the third pillar of ensuring you have a strategy worth fighting for. – Josh Heller, Candor

4. Shadow Team Members During Incident Response Events

Shadow your teams as they detect, react and respond to incidents so you see the impact of your policies and decisions. A blameless retrospective at the end is a great tool, but it may not uncover all the potential improvements and learnings that you can see by watching an event unfold. – Jesse Stockall, Snow Software

5. Check Your Tools And Have A Process For Monitoring And Reviewing Response Efforts

Have a plan in place! Make sure you know what you need to do in order to respond to incidents, and have a plan for how you will do it. You also need to have the right tools and resources at your disposal, so make sure you have the right software, devices and training. Finally, make sure you have a process in place for monitoring and reviewing your response efforts. – Iman Bashir, Craftly.AI

6. Frequently Review And Update Your IR Plan

Companies need to have an active and evolving IR plan. While some organizations develop a plan, most don’t review or change it until it’s too late. Whether your IR plan is created in-house or by a third party, frequently reviewing and updating it is key. Ensuring your plan keeps pace with the latest cyberthreats requires repetition, fine-tuning and live scenarios from your key stakeholders. – Lyndon Brown, Pondurance

7. Ensure You Have An Effective Alert And Collaboration Tool

A crucial step that leaders often overlook when designing an incident response plan is implementing the right tool for alert orchestration and team collaboration. To maximize an observability platform’s effectiveness, it must be complemented with a tool that can deliver incident alerts to service owners or incident responders wherever they are and mobilize the team to respond in a cohesive way. – Judit Sharon, OnPage Corporation

8. Establish A Multidisciplinary IR Team

Think of incident response as a continuous process based on the assumption that cyber adversaries are already in your network. It should be created collaboratively by a multidisciplinary team made up of key parties within the organization. Then it should be reviewed and tested on a regular basis through tabletop exercises to understand where vulnerabilities exist and how to mitigate them. – Matt Georgy, [redacted]

9. Test It Until It Works

The most important element of an incident response strategy is actually testing it until it works. You do not want the first time you run your incident response playbook to be when something bad has actually happened, because it rarely works right the first time. – Michael Fulton, Expedient

10. Document What You Learn From Incidents For Iterative Improvement

Don’t miss the opportunity to leverage incident response as a feedback mechanism for the larger system it serves. Each incident presents an opportunity to learn and improve in an iterative way. Document what you learn and ensure it feeds into system architecture, risk management and so on. Improve your resilience by learning to anticipate, withstand, recover and adapt through each incident. – Matthew Sharp, Logicworks

11. Commit To Open Communication With Customers

Escalate and communicate. Make sure the customer knows that someone senior is on the job and that you take it seriously. In a healthy relationship, an incident is not the time to argue—it’s time to make sure that the other party feels listened to. When they’re frustrated or not having the experience you want them to, keep the communication flowing; overcommunication can be better than brevity. – Alexander Hill, Senseye

12. Include Cyber Insurance Coverage

Integrate cyber insurance in any incident response plan. Depending on the type of business, cyber insurance can cover the liability associated with a breach. It is also possible to add other options such as forensics, regulatory fines, public relations expenses, ransomware payments, credit monitoring and legal costs. – Ritesh Mukherjee, Inseego

13. Use A Single Tool To Record Communications

Have a defined process to handle incidents and a clear chain of escalations. You can use the standard guides and practices widely adopted in the industry. Make sure you only use one tool to record all communications, and always have a post-incident analysis in the process. – Shashank Agarwal, BridgeML

14. ‘EAT’ Your IR Strategy

One tip is to “EAT” your incident response strategy—just as tech leaders speak of “eating our own dog food.” The more you educate, build awareness and train (or EAT), the stronger you are as a team and as a leader, and you can continuously handle incident response as an everyday capability. Build your team’s IR strength by “EAT-ing the right dog food.” Know your plan, and exercise your plan. – Erika Voss, Capital One Software

15. Make Sure Those Leading Your Cloud Security Strategy Are Well Trained

Have the right people with the right training leading your cloud security strategy. Make sure they have access to key stakeholders in the organization so they can both plan and execute a proper security strategy and lead the organization through an incident when it happens. – Shai Morag, Ermetic

16. Build A Hierarchy For Incident Response

Have a plan that can handle both vague and specific incidents. Make sure there’s a hierarchy to your response and a way to immediately match the incident with the correct people. Flexibility and communication will then be key to balance saving time and handling the incident. – WaiJe Coler, InfoTracer
