Responding to Cyberattacks—Creating a Successful Contingency Plan

By: Brianna Plush

In today’s digital age, all organizations are exposed to some level of risk. As a baseline, companies are expected to have appropriate controls and safeguards in place to protect their customer’s information—but even the most well-postured organizations may still fall victim to cyberattacks. 

A report by Vanta reveals that over two-thirds of businesses say they need to improve security and compliance measures with almost one in four rating their organization’s security and compliance strategy as merely reactive. So, how can organizations move from a reactive to a proactive stance when it comes to the inevitable exposure to risks and threats? 

A significant way organizations can minimize the impact of such events is to create and maintain an appropriate cyberattack contingency plan. Let’s take a look at how to get started and the key components of responding to cyberattacks. 

Getting Started with a Cyberattack Contingency Plan

The starting point for a contingency plan is to think about how prepared a company is to resume operations in the event of an attack. In other words, how quickly can your organization recover information and restore operations? Ongoing backups and replicating critical system components are two essential processes to preparing for cyberattacks.

Backups and Replicating Critical System Components

As a crucial element of a contingency plan, backups of critical system components should occur at least daily to ensure these elements of the system are recoverable in the event of an outage. Additionally, critical system components should be replicated across multiple availability zones or regions to ensure the restoration of critical operations in the event of loss of function in the primary region. These two processes should be tested regularly through business continuity and disaster recovery simulations to ensure they function as intended and are ready to respond to an incident.

Responding to Cyberattack Incidents

In addition to preparedness for continuity, organizations must be ready to respond to the incident itself. Every organization should have a well-documented and reviewed incident response plan that details the following key elements:

• An incident response team or defined responsibilities and people accountable for incident response and reporting activities;
• An explicit ranking system for the severity of incidents and the tolerable amount of time to remediate based on predefined thresholds of acceptability; 
• Process for tracking an incident and the corresponding remediation procedures;
• Steps for root-cause analyses, lessons learned, and post-mortem activities to be carried out; and,
• A designated liaison between the company and affected customers is responsible for communicating the incident and its impact transparently.

Along with the business continuity and disaster recovery procedures, the incident response plan should be tested periodically through tabletop exercises or other simulations to confirm that it operates as designed. 

A company’s preparedness in terms of its day-to-day operations and readiness to respond to a more significant incident gives it the best chance to minimize the fallout of a cyberattack. When combined, these fundamentals of an organization’s control environment create an exceptional cyberattack contingency plan.

Contact us today for more information on creating a successful cyberattack contingency plan. 

About the Author

Brianna Plush
Senior Consultant, Attest Services

As a senior consultant for BARR Advisory’s attest services, Brianna Plush is responsible for planning and executing information technology audits and risk assessments for clients in the healthcare industry. She is also a certified ISO Lead Auditor and provides support to clients in pursuit of ISO 27001 certification.

Brianna graduated from Villanova University with a Bachelor of Business Administration in Accounting and Finance, Cum Laude. She has worked at EY and Villanova University as a research and teaching assistant. In college, Brianna was a member of the Beta Alpha Psi (Honors Business Fraternity), Accounting Society, Corporate Finance Society, Women in Business Society, and Business Leadership Society.