From the course: Incident Response Planning
Why do you need a plan?
- [Instructor] You need an incident response plan. It's really as simple as that, but let's discuss why for just a moment here. Now, depending on your organization, you may actually be legally required to have an incident response plan. For example, if you happen to work for a federal government agency here in the United States, your organization is required to develop and establish both an incident response plan and an incident response capability under the provisions of the Federal Information Security Act, known as FISMA. So if you work for the federal government or one of its contractors, there's really going to be no way around this. According to congressional law, you must have an incident response plan. But if you're going to work in the commercial sector, do you need to have an incident response plan? Well, you really should, but you're not necessarily legally required to have one. With that being said, it is considered a best practice in the industry to have an incident response plan because it is much more effective and less costly to prevent problems instead of trying to react to future problems and incidents. Unfortunately, these days, it really isn't a matter of if an incident is going to happen within your organization, but really it's more a matter of when. Incidents are caused by numerous different types of attack vectors, including external or removable media with malware on it being inserted into your workstation, phishing, spear phishing and whaling attacks, web-based applications with embedded malware, brute force attacks or degradation of your networks and services, improper usage from authorized users, the loss or theft of your equipment, and numerous other attacks that don't cleanly fit into one of these categories that I just listed off. Now, it seems these days you can't turn on the news, scroll your favorite social media site, or even pick up a newspaper without hearing about the latest data breach that has occurred.
In 2022 alone, there were over 4,100 publicly disclosed data breaches that exposed over 22 billion records. Now, some of these were considered smaller breaches such as the one at Revolut, which is a financial technology firm who had over 50,000 users affected, and that's considered a small breach. Others were significantly larger. For example, there's a dark website known as BidenCash that released the details of over 1.2 million credit card numbers in their dark web marketplace. This included things like the victim's names, bank accounts, social security numbers, email addresses, phone numbers, addresses, and of course, their credit card numbers so that way attackers could buy those card numbers and then use them to buy stuff in the real world. Now, most of these credit cards were stolen from other e-commerce sites that were actually legitimate sites, but the attackers were able to steal it and then sell them on the dark web to earn a sizable profit. Now, these data breaches are not slowing down anytime soon. Since early 2020, we've seen an increase of over 300% in cybercrime. In fact, in 2022, we saw an exponentially large increase between the second quarter and the third quarter of that year with over 37% more data breaches occurring in just that three-month period. These data breaches are really expensive, and not just for the businesses, but also for the end users who are being affected. And that cost to clean up the mess from these data breaches is continuing to skyrocket, costing our organizations and our consumers a lot more money. Because of this, it's really imperative that your organization develop a well-thought-out incident response plan on how you're going to handle a future incident. This plan is going to be used to document your organization's pre-planned responses and capabilities for working with other outside parties before, during, and after the incident.
This might include outside contractors like incident response teams, law enforcement, the press, suppliers, partners, and of course, your victims. Now, when you must react to an incident, there's going to be a lot of moving parts. And if you already have a process and plan in place, it's going to make this chaotic and stressful time just a little bit easier and a little bit less hectic and a lot more effective. And that's why it's important that your organization has a plan already prepared and ready to go when that incident occurs.