Any organization, regardless of industry or size, that handles or stores personal or sensitive information presents an opportunity for cyber threat actors to exploit. Accessing, exfiltrating, and ultimately leveraging this information – whether through sale or extortion – is the goal of many cyber actors. The hospitality industry is full of personal information, like email addresses and birthdates, as well as potentially more sensitive information, like payment card details, making it a lucrative target.

So, how do organizations stay ahead of threats and ensure that they are properly prepared to detect an incident?

Simply put, every organization should have an incident response plan (IRP) that is tailored to the specific risks it faces, and the plan should be routinely tested and altered to keep pace with evolving threats. The first time an IRP is put into use should not be during an actual cyber attack.

Before building an IRP, organizations should establish and train a dedicated incident response team and ensure that the tools and resources needed for an effective response are available. What is needed can be determined through a cyber risk assessment that identifies critical assets, threats, and vulnerabilities facing the organization.

From there, employees across the entire organization and from all departments should know their exact roles and responsibilities in advance. This creates a unified and efficient decision-making process throughout the incident response lifecycle, which is crucial in addressing the elements often associated with a cyber attack or breach: containing the incident, preserving evidence, following regulatory requirements, disclosing information to key stakeholders, eradicating the threat, and beginning remediation efforts.

This process should be assessed, practiced, and enhanced through regular cyber incident response exercises, which help evaluate incident response efforts and provide organizations with insight into their strengths and weaknesses. As a result, the lessons learned can help improve the effectiveness of an IRP, and the takeaways can create stronger readiness to detect and respond to an attack.
