Six Steps to Validate Cyber Incident Response Plans in Times of Conflict
Losses, disruptions and damages due to cyber attacks have become a major risk to governments and businesses alike. Such risks are amplified significantly during times of conflict or instability, and Russia’s invasion of Ukraine is a case in point. Should the worst occur, cyber incident response plans can help mobilise resources, contain the attack, mitigate damages and expedite recovery.
But having a plan on paper is never enough; it’s not a substitute for actual practice. Cyber drills need to be carried out repeatedly, tested thoroughly, and optimised for the real world. Like fire drills at school, when the bell goes off, everyone should know their place.
Cyber incident response capabilities
Listed below are some important considerations for organisations when evaluating cyber incident response capabilities:
- Be clear with objectives
- Pick an exercise that matches the desired objectives
- Choose your exercise target wisely
- Develop cyber incident scenarios that are challenging but achievable
- Make sure to involve all the right parties
- Be open and learn together
In times of conflict or instability, cyber incident testing exercises should be put into action, as this can help identify gaps in even the most seemingly robust incident response plan. Incident management plans must be thought of as living documents that need continuous reviewing and updating as the threat landscape evolves. After all, true cyber resilience can only be achieved if the organisation is truly capable of detecting, responding to and recovering from a genuine, real-world cyber incident.