Is Your Institution's Incident Response Plan Good Enough?
Banks are required to have IR plans, and they do. But if you ask, you learn that many are not sure how well these plans will stand up under stress. Consider the regulatory requirement for banks to report cyberattacks within 72 hours of occurrence. If IR plans can’t keep pace with evolving attacks, financial firms could find themselves outside the 72-hour window before an attack is even detected, much less reported and mitigated.
Given that the average time to detection and remediation of a cyberattack is now 287 days, organizations can’t afford IR plans that are all style and no substance. Part of the problem is that while firms have a general sense of how they will respond to a cyberattack, very few actually conduct dry runs. In addition, many companies don’t train people beyond the IT team in IR processes. Given that attacks often start at the edge of business networks, incident response is for everyone.
3 Crucial Steps for Better Cybersecurity Incident Response
What needs to happen to make sure a financial services firm’s IR plan is effective?
First, companies need to conduct regular penetration testing to understand where networks may be vulnerable, such as via internal applications or cloud-based services. Second, they need to carry out simulated attacks that test IR plans in action. Are the people notified at the right time? Do they have the tools and technologies needed to address the issue? Finally, companies need to update their IR plans based on the results of these tests.
Ideally, penetration testing should be carried out annually, or whenever there is a change in infrastructure. Simulated attacks should ideally occur annually and in no case more than three years apart, and IR plans should be updated whenever personnel, IT tools, or infrastructure change.