Malicious cyber incidents continue to grab headlines. Cyber-attacks are nothing new, and whilst threat actors will continue to develop their tactics and techniques for delivery and intrusion, the reality is that most organisations are now well versed in detecting, responding to, and recovering from attacks against their business via cyberspace. Or are they?
Why are incidents still having such significant impacts – why are organisations, many of which have multi-million pound or dollar cyber security strategies and an abundance of resources, still scrambling to protect themselves from cyber-attacks when we’ve had years to refine our craft? At this point you are encouraged to consider just how well your organisation is placed to swiftly and effectively respond to and recover from a cyber incident. Do you have confidence in your plans and processes?
Is your business ‘good enough’? Are you outstanding, a true leader amongst your peer group or sector? A CEO or Board of Directors might not want to hear that your approach to cyber incident management is ‘good enough’; they may expect you to be one of those industry-leading, shining examples of best practice, up there amongst the very best. This expectation is a natural but perhaps misguided one; achieving a perceived ‘gold standard’ costs money, a lot of money, and needs extensive resources to build and maintain – but is that what YOUR business needs? Would that approach be considered overkill and a potential waste of money? The key here is context and proportionality – a ‘good enough’ strategy that is built around the scale and context of your business operations, and one that is proportionate to the cyber threats and risks you face. These must be the drivers of your approach to cyber incident response.