The Tampa Business Guide to Cybersecurity Incident Response Planning

Cybersecurity has become a major threat to small and midsized businesses. Nationally, the number of attacks that target these companies has even surpassed attacks that target enterprises. Why? Smaller cybersecurity budgets and a lack of expertise make them easy targets.

Florida businesses are no exception. In just the last few years, we’ve experienced several high-profile incidents. Russian hackers have increased their attacks on the local business community, putting the state’s security professionals on edge. Disgruntled employees have stolen troves of confidential data. We’ve even had hackers try to poison Tampa’s drinking water.

A powerful but overlooked tool in the cybersecurity toolbox is the incident response plan. Having a centralized document that explains how your company can respond to a data breach or ransomware attack is critical to defending your business.

How Do I Develop a Cybersecurity Incident Response Plan?

The first thing to do is assemble stakeholders from across your organization to contribute their skills and perspectives.

This team should include technical personnel who can help to prioritize and oversee the actual incident response, as well as people who can coordinate the important legal, human resource, and public relations components of a comprehensive plan.

The support of senior leadership is critical too. An incident response plan needs long-term maintenance to stay relevant to your evolving business. This makes executive buy-in critical, so that the incident response team receives the time and resources it needs to succeed.

The next step is to conduct a network risk assessment.

If you’ve never performed one, a risk assessment is an audit of your technology and processes to identify which cybersecurity or technology disasters would have the biggest impact on your business. It also measures how effectively your existing security controls will defend you against those threats.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a great resource to help you conduct a successful assessment. Developed by the Federal Government to protect the nation’s critical infrastructure, the NIST framework is now a model for small and midsized businesses across the country that want to better understand their cyber risk.

NIST has several documents that can help guide you through the assessment process:

  • NIST 800-53 Security and Control Framework
    Provides a template and checklist that you can use to measure your controls
  • NIST 800-37 Risk Management Framework
    Outlines a step-by-step process for assessing risk and implementing your countermeasures
  • NIST Cybersecurity Framework
    Helps guide your risk management program and threat mitigation processes

Navigating the risk assessment may be difficult with in-house expertise alone. Because of that, many companies enlist an external cybersecurity partner to help them navigate NIST and ensure that they get the right handle on their cybersecurity risk.

What Information Should I Include in My Incident Response Plan?

The first thing to clarify is that the incident response plan will be different for every business. Every organization has unique operational goals, business objectives, culture, and network technology. All of its cybersecurity plans and protections must be designed to accommodate that uniqueness.

In general, an effective incident response plan will have at least these 5 sections:

  1. Prepare
    To prepare, you should identify who will respond to cybersecurity issues. This phase also includes reviewing the roster and the entire plan itself to document changes, so that everyone is working off the latest version of the plan.
  2. Identify
    This step covers how you’ll detect and analyze cybersecurity threats. It should also include how to document and report cyber threats to the rest of your organization, so that you have a coordinated response to an incident. You may wish to deploy a dedicated incident management system to track evidence related to the event.
  3. Contain
    Once your team has detected a new threat, the next step is to prevent that threat from causing more damage to your network. This probably means isolating the affected server or endpoint. An example of a stronger containment measure is replacing an affected hard drive or piece of hardware. In order to properly contain a threat, interrogate it like you would a real-life criminal. Who was involved? What exactly took place? Where did the attack occur? Why did it bypass my defenses? How did we identify the attack?
  4. Eradicate
    This stage is where you find the root cause of the incident and take immediate steps to prevent similar attacks in the future, which could be patching systems, updating software, or otherwise ensuring that no artifacts from the attack are still in your systems.
  5. Recovery
    Now that the threats have been eliminated, you can start to restore functionality to the rest of your network. As you bring your technology back online, monitor the network and ensure that each system is behaving as it should.
  6. Learn and Test
    The final step is to test your systems and gather as a team to discuss the attack, update the incident plan based on the knowledge that you’ve gained through your recent recovery efforts, and complete any documentation your regulators require.

Do I Really Need an Incident Response Plan?

The short answer is yes! Cybersecurity attacks like ransomware or malware can be devastating to a business — but they don’t have to be. When you identify an intrusion early and take steps to contain the problem, you can avoid some of the worst effects and save a considerable amount in recovery expenses.

Specifically, an incident response plan helps you achieve a few key goals:

  • Locate the root cause of a cybersecurity incident and strategically strengthen defenses
  • Reduce the amount of time it takes to remediate the impact of an incident
  • Limit the damage a cyberattack causes your business

But the plan isn’t a “one-and-done” initiative; businesses must allocate regular attention to maintain their incident response plan. New hires, shifting business priorities, changes in your technology, and a long list of other events can push your response plan out of alignment with your business.

Regulatory Compliance Requirements

In some cases, incident response planning isn’t just important to have, it’s the law. Regulatory compliance standards like the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and HIPAA all require that organizations have a plan for dealing with cybersecurity threats and test that plan at least annually.

Manage Cybersecurity Risk with the Help of a Trusted Partner

The average salary for a cybersecurity engineer in Florida is over $113,000, putting important IT talent out of reach for many small and midsized businesses in the state.

For decades, the cybersecurity team at LNS Solutions has been helping businesses in Tampa manage their cybersecurity and regulatory compliance risk. If your business could benefit from outside cyber expertise, fill out the form below. You can also reach our friendly and responsive team any time at or (813) 393-1626.

We look forward to speaking with you!

