According to the Accenture State of Cybersecurity 2020 report, the average cost of a cyber attack for ‘non-leaders’ stands at $380,000 per incident. The report classifies organizations into ‘leaders’ and ‘non-leaders.’ The ‘leaders’ are those who set the bar for innovation and achieve high-performing cyber resilience.
Given the rate of cyber attacks today, a security breach can easily run a non-resilient business into a major loss. Not to mention that the cost of data breaches goes beyond money by extending to data compromise.
These circumstances necessitate that enterprises develop a robust plan to not just prevent attacks but to also mitigate threats as soon as they appear. The best companies assess their cybersecurity by how fast they can detect a breach as well as close the gap to prevent an attacker from wreaking damage.
Assessing Risk Tolerance Level
The inevitable first step to building a resilient incident response plan is to answer the following two questions:
- What threats are your organization likely to encounter?
- What level of impact would a particular attack have on your organization if it occurs?
These questions help to clarify your risk appetite as they enable you to create possible scenarios for different types of attacks. A risk tolerance assessment determines the flow of security investments, tools and resources. A FinTech company, for instance, definitely has a low tolerance for a data breach given how catastrophic it can be.
The executive team of the business must be fully involved in risk tolerance decisions since cybersecurity risks can effectively cripple the business.
Threat Awareness and Detection Training
Employees are the first line of attack. It is impossible to build an effective response plan if workers can’t recognize threats. Even if threat mitigation requires the involvement of the IT team, every employee should be able to (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/3-steps-building-resilient-incident-response-plan/