Alex Waintraub and special guest, Aaron Goldstein, VP of Incident Response and Field Information Security Officer at Todyl, discuss the third common flaw in Incident Response Plans, that of having organizational silos. Read what these experts say and learn the dangers of organizational silos to your incident response plan and ways to mitigate and eliminate them. Listen to the podcast here: https://safehouseinitiative.org/10-common-flaws-in-incident-response-plans-flaw-3-organizational-silos/
Understanding and addressing these silos can significantly improve your organization’s ability to respond to cyber incidents effectively. One of the main issues in incident response is the lack of cross-functional collaboration. When teams do not communicate effectively, it leads to chaos and inefficiencies during a cyber incident. Aaron Goldstein, VP of Incident Response at Todyl, emphasizes that even large organizations can struggle with effective communication during a crisis.
Aaron shares a compelling example involving a small business that experienced a ransomware attack. The company’s IT team, in an attempt to recover quickly, started wiping hard drives without realizing they were destroying crucial forensic evidence. This lack of coordination between IT and the incident response team led to significant setbacks.
Similarly, Aaron mentions another case where a business email compromise led to fraudulent activities because the different teams involved did not communicate effectively. The lack of a unified response plan made it difficult to identify and mitigate the threat in time.
When an incident commander does not have a clear communication plan, it leads to various challenges. For instance, in many organizations, the IR plan is outdated, with contact information for people who no longer work there. This results in delays and confusion during an incident.
Another challenge is the lack of a well-defined decision-making process. Aaron points out that having clear roles and responsibilities is crucial to avoid conflicts and ensure a swift response. Without this, organizations waste valuable time and resources.
Legal and compliance considerations are often overlooked in incident response plans. Aaron stresses the importance of involving legal counsel early in the process. This is particularly critical in cases of business email compromise, where regulatory requirements may mandate specific actions.
Failure to consider these aspects can lead to significant legal and financial repercussions. Therefore, integrating legal and compliance teams into the incident response plan is essential for a comprehensive approach.
Aaron introduces the concept of an extended incident response team. This team includes not just the IT and security teams but also legal, marketing, and other key stakeholders. Having a diverse team ensures that all aspects of the incident are considered, leading to a more effective response.
By involving all relevant parties, organizations can ensure that they are not missing any critical steps or considerations during an incident. This holistic approach is vital for a successful incident response.
The cornerstone of an effective incident response plan is preparation. Aaron advises that organizations should not only have a plan but also test it regularly. This can be done through tabletop exercises where teams walk through various scenarios to identify gaps and improve their response strategies.
Regular testing ensures that the plan remains relevant and effective. It also helps teams become familiar with their roles and responsibilities, reducing confusion and delays during an actual incident.
Addressing organizational silos is crucial for an effective incident response plan. By fostering cross-functional collaboration, involving legal and compliance teams, and regularly testing your plan, you can significantly improve your organization’s ability to respond to cyber incidents.
Remember, preparation is key. Start with a basic plan and continuously improve it through regular testing and feedback. This proactive approach will save you time and resources in the long run, ensuring a more resilient and secure organization.