Every few months in offices around the country there will be the shrill of the fire alarm, following by us all obediently trudging down to an otherwise unused corner of our car park reserved for such occasions. Yes, no doubt like you, we have a quarterly fire drill. So serious is it taken that as part of every new staffers induction, they will be shown said spot in the car park on their first day. However, we have never once undertaken similar training for how to handle a cyber breach.
A recent Ponemon Institute survey of 450 security and IT professionals at medium to large companies across the UK highlighted that despite understanding the severity of cyber threats, most UK companies lack confidence in their ability to recover. According to the study, insufficient planning and preparedness is the major barrier to achieving a high level of cyber resilience. Despite 76 per cent of respondents recognising an incident response plan as the most important governance practice, 43 per cent said their organisations were unprepared to respond to a cyber security incident and do not have a cyber security incident response platform in place.
Surely, there should be a shift in focus from only prevention to an all-encompassing cyber security strategy that also includes threat detection and incident response, supported with the necessary policies, processes and technologies. Central to this should be a regular cyber breach drill so that staffers understand the process to help mitigate the damage should a breach occur.
A focus on incident response capability is also useful in enabling IT security teams to engage with board members, as the repercussions of the cyber breach hitting the proverbial fan is likely to be just what causes them to wake up in a cold sweat at night.
Cyber breaches are an unfortunate given in the world that we live, and indeed more prevalent than the chance of a fire within your office, so it is imperative to properly prepare and provision for them. By aligning staff, processes and technology for how to act once a breach occurs, organisations can improve their security posture and actually thrive in the face of future cyber security incidents.