Making Business Decisions That Support Cybersecurity Response
In the poem “To a Mouse,” Scottish poet Robert Burns wrote, “The best-laid schemes o’ mice an’ men gang aft a-gley.” The phrase is better known in its more common form, “The best-laid plans of mice and men often go awry.” Understanding how your corporate policies will affect your approach to cybersecurity is an essential part of the planning process.
This phrase could serve as a motto for crisis management, business continuity planning, and incident response teams. They understand that no plan will work once the first shot has been fired. Former president Dwight D. Eisenhower, on the other hand, stated, “In planning for battle, I’ve always concluded that plans are not useful and planning is essential.” To be prepared, first learn which business practices and procedures may affect the response, then create a governance structure that supports the development of a strong organization.
Incident response plans on their own are insufficient. Responders and planners must become more knowledgeable about how their firm runs in general. This makes it possible for planners to pinpoint practices and procedures that might affect the response as a whole.
Think of this planning as a form of system design methodology based on the NIST 800-160 principles, but from the perspective of business processes.
Or, to put it another way, what good is a sound incident response system if the business's practices hinder, weaken, or prevent it from operating? Your cybersecurity plan may look great on paper and even hold up in isolation. In practice, though, it is one more process that could suddenly stop working when it runs alongside the rest of your organization.
Do Your Needs Match Your Program’s Logic?
An incident response program must be adaptable while preserving structure. If it is not, the result could be a lack of communication and an unstructured Wild West of decision-authority protocols.
Centralized control is typically not a good option for large companies. Centralized control can be ineffective (beset by communication problems) and may be too far from the event to make wise decisions.
Instead, you ought to combine the two teams. Think of it as a constitution that directs the program by setting the lanes and encouraging cooperation. Models that are not in agreement can result in a degraded response.
When Planning Interacts With Real-World Procedures
We’ll presume you have a solid cybersecurity strategy in place and have faith in how it handles threats. It passes tests on its own. What happens after it is incorporated into the system?
Consider that the effectiveness of incident response relies on inputs from a separate process (a dependency) that falls outside the purview of cybersecurity. There is usually an “ingestion source” where the problem first appears. It could be any of several sources, such as a third party or the Security Operations Center. Suppose it is customer service.
Consider that your business offers tech support. Your clients are complaining about bad service, even though you may not yet have seen any distinctive symptoms. Contacting your customer service department is the standard procedure.
What happens if the customer service process is broken? The break might be a poor customer experience (e.g., having to complete a lengthy form, not being able to get hold of someone on the phone, having a broken ticketing system, etc.). In this case, the issue probably won’t be identified until much later, because one of the key sources of intake is blocked.
What happens if the ingestion source is overburdened? Where will the response be directed: at the “clog” (the symptom) or at the disease, in this case an attack?
Right from the start, a non-cyber business practice now has repercussions.
Moving Both Downstream and Upstream
Such problems might not affect only the people involved in cybersecurity. This is how working in teams functions. Mapping upstream and downstream processes and activities reveals the areas that can help or hurt cybersecurity.
Threat actors may know about the weaknesses in your customer service (a bad practice). They might profit from these bad practices. Customer support, for instance, could become an avenue for social engineering that targets your customers and undermines your customer support strategy.
What Business Procedures Affect Incident Response?
First off, it would require an exorbitant amount of resources to comprehend every potential process, vector, and response that could affect your response. Attempting this is a mistake that won’t provide a respectable return on your investment. Nevertheless, you can prepare for the most common types. Put yourself in a good standing position among twenty people. Start from a good foundation.
It is true that you may have a lot of “unknown unknowns” that need to be turned into “well knowns.” Your practices and procedures will affect the cybersecurity response, so you must ultimately gain a deeper understanding of them. This calls for some investigation (understanding the sector) and creativity (thinking like a threat actor).
Specifying Impact Category
Once you are confident in the number of well knowns, the next step is to conduct a quantitative and qualitative analysis. You will need impact-related classifications and criteria to do this.
Every company has a unique set of impact areas. Locate them in relation to your operational procedures. By doing this exercise, you enhance both your cybersecurity and your ability to respond to threats.
Do you recall the customer service example? If we could precisely map processes and assets, we would be able to identify the people and things affected and the nature of the effects. Quantitative and qualitative perspectives together allow us to identify the factors that are most crucial.
Perhaps the way you handle customer service is a dependency of your cybersecurity response process. If clients can’t get in touch with your team, it might affect internal procedures. A malicious actor who is aware of these problems can raise the threat further.
However, even if you can’t see the connections between your business and cyber processes, they nonetheless exist. It closely resembles the continuity of the data lifecycle that we previously mentioned. If you don’t take action in this area, the consequences of an incident or error could be worse than necessary.