Mistake 1: You don't have a playbook.
First and foremost, you need to create a cyber response playbook. This playbook should detail who is responsible for what in the event of a breach, including a timeline of events. This includes corporate counsel, human resources, IT, public relations, and your customer-facing departments such as account directors or a call center. Keep in mind, nearly everyone in your organization will play a role during a response. Also, ensure this playbook covers the most realistic scenarios possible. This can be accomplished by referencing your organization’s risk profile. (For example, are you more susceptible to ransomware, an insider threat, or a rogue employee?)
Mistake 2: You have a playbook, but you haven't practiced it.
We have been brought into organizations that have a playbook, but didn’t practice it before an incident occurred. This is like having a fire escape plan, but reading it for the first time as the flames are engulfing your office. Schedule the drills in advance, and make them mandatory. You can practice at the cadence that makes sense for your organization, but we recommend at least twice a year.
Mistake 3: The right people aren't at your cyber drill.
If you don’t have your CEO in the room for the drill, that’s where all of your best-laid plans can change. Cyber drills are not just for middle managers and implementers; executives must take part and practice as if a real, impactful cyber breach had just been detected. Also, this is not just an internal event: You also need to involve the appropriate third parties, whether that is a managed services partner, your consulting partner, application vendors, public relations firms, or others. Anyone who would need to be aware and involved in a real incident should be involved in the drill, period.
Mistake 4: IT is solely responsible for security.
Security is not an IT issue – it’s a business issue, and everyone at the company is responsible for it. When a cyber breach occurs, everyone turns to IT: “What do we do?!” While IT can and should be part of the solution in many cases, they cannot shoulder security for an entire organization; it never works. Cybersecurity needs to be ingrained into your company culture through required training and processes, and the business and IT sides need to work together on strategy and implementation. If you go through a response drill and engage team members from both sides, you will very quickly understand why the two need to be working together before an incident occurs.
Read the full article in CSO.