Criminals act fast and encourage panic to achieve their objectives. An incident response plan will keep you organised and in control in a high-pressure situation.
Timely decision-making is essential during a cyber attack. As with fire drills, you should prepare for the worst-case scenario; review and practise the plan to identify gaps and be confident that it will be fit for purpose.
Here is a brief summary of what to include in your incident response plan:
Who to notify
Know your assets
The Incident Response Process
Recognise what you are up against so that you can plan your approach effectively, with the help of your incident response plan. Continue to examine the attack; you may need to re-evaluate your tactics.
When safe to do so and after careful analysis, launch measures that will reduce the impact of the threat, both technical (such as isolating systems) and non-technical (such as media communications).
Remove the threat and examine its success. Only once you are certain it no longer poses a problem should you start the recovery phase. You may have to repeat other steps of the process before full remediation is achieved.
At this stage, you have confirmed the threat has gone and clean systems can be installed. Clean data backups can be recovered if needed, so that business can resume as usual.
Following an incident, review lessons learned and document improvements in your incident response plan. Be aware of any secondary attacks while you recover and move forward.