Blog / How will your organization react to a cybersecurity incident?
Unfortunately, tossing blame around is all too common.
An important part of good cybersecurity is preparedness. That means thinking ahead and having business continuity and disaster recovery plans for when things go wrong. When a situation is critical it’s easy to lose track and miss important details, so having robust plans will relieve some of the stress and help make sure that important steps aren’t missed.
The same is true for a cybersecurity incident as well. Having a plan on how to investigate and deal with such a situation is important. Some legislation imposes various requirements on when and who information needs to be reported to in the event of an incident, and failing too can result in significant penalties.
Which is all well and true, but what does all of this have to do with blaming employees?
Every cybersecurity incident needs to be investigated. It’s not enough to simply correct the situation and get things back up and running. You have to figure out how it all started to help defend against it in the future.
Which is where the problems can develop. Sometimes when an investigation discovers the initial infection vector was the result of someone visiting a dodgy website or clicking a malicious email link, all the blame gets pinned on that one person, and the incident is declared over. The bigger the disruption and higher the costs, the more likely it will happen. Someone will get blamed for the breach (correctly or not), and then the organization will go back to normal.
The problem is that an organization can caught up in finding out who caused the problem and laying the blame at their feet. They lose sight of the fact that that’s not the reason for the investigation. You should be figuring out what went wrong so you can improve your defenses. For example, some organizations may terminate someone who clicked on a bad email and pat themselves on the back thinking they’d solved the problem when in actuality they should be looking at their defenses and asking questions like:
- Have you provided any training or education that could have prevented this?
- Were any official policies or procedures violated or bypassed in this incident?
Rather than trying to point fingers, look for things that could help prevent this from happening again.
I turn to Hamlet for this week’s Shakespeare quote: “I have heard of your paintings well enough. God hath given you one face and you make yourselves another… It hath made me mad.”
If you’d like help developing an appropriate incident response plan, feel free to contact a TRINUS cybersecurity expert today and we’ll be happy to help out.
Be kind, courtesy your friendly neighbourhood cyberman.