Cyber Incident Response Plans: An Overview

Chris Freitas • Jan 22, 2021

The costs and lost profits associated with a cyber incident or breach can result in a small to mid-sized business closing its doors. The average global cost of a data breach in 2019 was $3.92 million according to the 2019 Cost of a Data Breach Report. Therefore, cyber incident response plans are crucial for business continuity in today’s world of technology.

With most of the workforce working remotely because of COVID, cybersecurity needs to be reassessed and strengthened to mitigate the increased risk. Part of assessing and responding to a remote workforce is revamping cyber incident response plans to accommodate remote work environments.


OBJECTIVES & PHASES OF CYBERSECURITY INCIDENT MANAGEMENT


Cyber incident response plans are designed to help businesses deal with a cyber incident or breach. A quick and successful cyber crisis response can save the company a significant amount of time and money.


Some of the objectives of cybersecurity incident management include:


  • Being proactive to avoid cybersecurity incidents and breaches
  • Mitigating exposure and threats during a cybersecurity event
  • Reducing costs associated with cybersecurity incidents
  • Minimizing the impact of breaches of privacy, information, and personal records
  • Assessing and reporting findings to appropriate stakeholders
  • Improving coordination during cybersecurity incidents
  • Learning from cybersecurity incidents and applying necessary changes to prevent future incidents
  • Training employees to help prevent cybersecurity incidents


The phases of a cyber incident response plan include:


  1. Planning and preparing: Proactive actions to address possible cyber incidents, including developing the plan, forming an incident response team, applying protocols and safeguards, and sharing and testing the plan.
  2. Detecting and reporting: Monitoring systems and detecting incidents are part of this phase.
  3. Assessing and decision making: This phase includes assessing the risk, confirming an incident, and determining the best course of action.
  4. Responding: Response covers everything needed to contain and eliminate the threat, mitigate damage, recover, and analyze what happened.
  5. Follow-up after the event: The final phase involves assessing the incident, learning from it, and applying the necessary improvements.


CYBER INCIDENT RESPONSE PLANS PRE-COVID


Pre-COVID, the majority of cyber incident response plans were developed for an on-site workforce in corporate-controlled work environments. After the pandemic hit, organizations were forced to quickly move to a remote-work platform, increasing vulnerabilities and risks for cybersecurity incidents and breaches. As a result, cyber incident response plans are needed to fit the new remote work scenario.


COVID-RELATED CYBERSECURITY VULNERABILITIES


The number and severity of cyber attacks have increased exponentially since the pandemic began. Cybercriminals have upped their game, tapping into exposed and vulnerable networks, sending spoofed emails and emails carrying malicious attachments and links, and registering fraudulent domains.

For example:

  • The H1 2020 Cyber Insurance Claims Report shows a 47% increase in the severity level of ransomware attacks since October 2020 and a 67% spike in email attacks.
  • Mimecast found approximately 14,000 recently registered, suspicious domains during the holiday season and found between 53 and 87 domains suspiciously registered for a single retailer in just one day.
  • Mimecast’s 2020 Q3 North America Threat Intelligence briefing showed around 10 million attacks involving a mix of trojans, worms, viruses, and other malicious code reported.
  • In late October 2020, there was a 30.3% increase in email impersonation attempts and a 55.8% increase in malicious URLs embedded in emails.
  • Recorded Future showed more than 400 suspicious COVID-related domains were created per day in February 2020, and close to 800 per day were created at the end of July 2020, up from less than 50 per day in January 2020.
  • The National Cyber Awareness System reported a significant uptick in COVID-19-related SMS phishing, email phishing, malware distribution, and suspicious new domain registrations, all with COVID-19-related themes and lures, in April 2020.


Cyber vulnerabilities related to the pandemic stem partly from the quick shift from in-office to remote work, which required IT to move fast. With business continuity as the goal, and rapid migration to remote networks and cloud environments needed, IT may have bypassed standard security protocols in the process. In turn, cybersecurity was likely weakened, violated, or eliminated.

Additional vulnerabilities include an increase in employees conducting personal business from work devices, using unprotected wireless networks to log on to work networks, and accessing work-related files from personal devices.


ADAPTING CYBER INCIDENT RESPONSE PLANS TO REMOTE ENVIRONMENTS


Large-scale remote workforces are part of the new normal for many businesses. As a result, cyber incident response plans need to be adapted for the long-term. To adapt cyber incident response plans to remote environments, the following steps should be considered:


  • Develop a response plan for the remote environment
  • Identify weaknesses
  • Review current configurations
  • Implement regular reviews of remote systems
  • Test adaptations made
  • Communicate changes
  • Educate staff
  • Have cybersecurity insurance in place


DEVELOPING CYBER INCIDENT RESPONSE PLANS FOR REMOTE ENVIRONMENTS


Supporting the remote environment as quickly and efficiently as possible is a vital aspect of a remote work cyber incident response plan.


Organizations should define how cyber incident review or forensics can be conducted successfully on remote systems. Quick collection of IT system logs is required to respond efficiently to potential cyber threats. When systems are taken offline for remote workers, businesses also need protocols in place to get staff back online as quickly as possible.


IDENTIFY WEAKNESSES


Testing current remote IT systems with a worst-case scenario cyber event will help to identify weaknesses. After the test, identify what worked and what failed. Then, assign employees or a team to address your cyber incident response plan's weaknesses and gaps.


REVIEW CURRENT CONFIGURATIONS


When looking at current IT configurations, it’s important to identify where risks are increased when the staff is working remotely. If there are preventative protocols that would protect the IT network, such as eliminating the use of USB ports, they should be considered and possibly rolled out to the entire organization when appropriate.


IMPLEMENT REGULAR REVIEWS OF REMOTE SYSTEMS


Consider increasing the number of logs or reviews of remote work IT systems to identify unauthorized or suspicious activity more quickly. Where possible, automate the review process.
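The two preceding points, quick collection of remote-system logs and automated, more frequent review of them, can be put into practice with a small scheduled script. The following is an added example, not code from the original post or from KBI; it assumes a syslog-like remote-access authentication format (`user=`, `src=`, `result=`) and uses constructed sample lines. It applies three defensive review rules: a burst of failed logins from one source, a successful login outside business hours, and one user succeeding from two different sources within a short window.

```python
"""Automated review of remote-access authentication logs (added example, hypothetical format)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog-like format; not from any real product.
SAMPLE_LOG = """\
2021-01-20T08:02:11Z vpn01 auth user=alice src=198.51.100.20 result=SUCCESS
2021-01-20T08:05:40Z vpn01 auth user=bob src=198.51.100.21 result=SUCCESS
2021-01-20T12:30:03Z vpn01 auth user=alice src=198.51.100.20 result=SUCCESS
2021-01-20T23:41:07Z vpn01 auth user=carol src=203.0.113.7 result=SUCCESS
2021-01-21T03:10:01Z vpn01 auth user=admin src=203.0.113.99 result=FAIL
2021-01-21T03:10:04Z vpn01 auth user=admin src=203.0.113.99 result=FAIL
2021-01-21T03:10:09Z vpn01 auth user=root src=203.0.113.99 result=FAIL
2021-01-21T03:10:15Z vpn01 auth user=bob src=203.0.113.99 result=FAIL
2021-01-21T03:10:22Z vpn01 auth user=alice src=203.0.113.99 result=FAIL
2021-01-21T09:15:30Z vpn01 auth user=bob src=198.51.100.21 result=SUCCESS
2021-01-21T09:20:12Z vpn01 auth user=bob src=203.0.113.50 result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

FAIL_THRESHOLD = 5                         # failures from one source within FAIL_WINDOW
FAIL_WINDOW = timedelta(minutes=5)
BUSINESS_HOURS = (7, 19)                   # UTC hours treated as normal for interactive logins
MULTI_SRC_WINDOW = timedelta(minutes=30)   # same user, two sources, suspiciously close together


def parse_log(text):
    """Turn raw log text into a list of event dicts; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def review(events):
    """Return (rule, subject, detail) findings for an analyst to look at."""
    findings = []

    # Rule 1: burst of failures from one source (password guessing / credential stuffing).
    fails_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e["ts"])
    for src, times in fails_by_src.items():
        times.sort()
        for i, start in enumerate(times):
            in_window = [t for t in times[i:] if t - start <= FAIL_WINDOW]
            if len(in_window) >= FAIL_THRESHOLD:
                findings.append(("auth_failure_burst", src, start.isoformat()))
                break  # one finding per source is enough for review

    # Rule 2: successful login outside business hours.
    for e in events:
        if e["result"] == "SUCCESS" and not (BUSINESS_HOURS[0] <= e["ts"].hour < BUSINESS_HOURS[1]):
            findings.append(("off_hours_login", e["user"], e["ts"].isoformat()))

    # Rule 3: same user succeeds from two different sources within a short window.
    succ_by_user = defaultdict(list)
    for e in events:
        if e["result"] == "SUCCESS":
            succ_by_user[e["user"]].append(e)
    for user, evs in succ_by_user.items():
        evs.sort(key=lambda x: x["ts"])
        for a, b in zip(evs, evs[1:]):
            if a["src"] != b["src"] and b["ts"] - a["ts"] <= MULTI_SRC_WINDOW:
                findings.append(("multiple_sources", user, f'{a["src"]} -> {b["src"]}'))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in review(parse_log(SAMPLE_LOG)):
        print(f"{rule:20s} {subject:15s} {detail}")
```

Run on a schedule against the logs pulled from the remote-access gateway, the script produces a short list of items for a person to verify rather than a verdict; the thresholds and business-hours window are assumptions and should be tuned to the organization's own baseline before anything is acted on.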


TEST ADAPTATIONS MADE


Testing response plans is one of the best ways to reduce the cost of a cyber incident. Any adaptations made to cyber incident response plans should be tested to prepare for an actual cyber incident and take care of any potential gaps.


COMMUNICATE CHANGES


A response plan is only as strong as its weakest link, and knowledge is power. A united front that includes all employees and stakeholders also helps to strengthen cybersecurity. Once changes have been made to your cyber incident response plan, they need to be communicated to all parties impacted by and involved with the plan.


EDUCATE STAFF


Implementing effective cyber incident response plans is critical and involves educating employees. Employees must understand the necessity of using caution and taking appropriate steps to prevent data breaches and cyber incidents. They need to know what to watch for to identify scams, phishing, and suspicious URLs, as well as how to report suspicious activity and possible breaches.


Understanding the risk associated with opening suspicious links and attachments is also essential. Users opened 30% of phishing messages, and 12% clicked on the malicious attachments or links in them, according to the Verizon Data Breach Investigations Report. Opening such attachments or links increases the likelihood of a cyber breach.


Another risk factor associated with the pandemic is the increased stress, distraction, fatigue, and fear employees possibly feel due to COVID. These factors potentially increase the vulnerability of employees to cyber-attacks and human error when working from home.


It is ideal for cybersecurity education to reach employees through various mediums. Webinars, in-person training, email communications, posters, and hard-copy materials are all possible training and educational tools to incorporate into a company’s cyber incident response plan.


HAVE CYBERSECURITY INSURANCE IN PLACE


The purpose of insurance is to mitigate the risk associated with a financial loss. Cybersecurity insurance mitigates risks associated with losses due to a cyber incident.

There are several types of cybersecurity insurance available. Business cybersecurity policy options include:


  • Network security and cyber extortion/ransomware coverage
  • Data breach and privacy crisis management
  • Breach response coverage
  • Network business interruption coverage
  • Fiduciary liability coverage
  • Media liability coverage
  • Professional liability coverage
  • Errors and omissions cyber insurance
  • Reputation management insurance add-on
  • Bricking cyber insurance enhancement add-on
  • Social Engineering enhancement add-on


Items covered under certain cyber insurance policies include loss of equipment and profits due to a cyber event. Claims of breach of contract, liability associated with information breaches (e.g., personal and financial information), and ransomware requests and extortion are covered under other cyber insurance policies.


BEGIN YOUR CYBERSECURITY JOURNEY WITH KBI


Cybersecurity response plans for remote environments are here to stay for many organizations. As part of a remote work cyber incident response plan, it’s essential that organizations, regardless of size, have the right types and levels of cybersecurity insurance plans in place.

If you’re in the market for cybersecurity insurance or want to discuss a cyber incident response plan to ensure your organization is covered, KBI is here to help. Don’t hesitate to give us a call, so we can work with you to review your cybersecurity plan and fill any possible gaps for your peace of mind.

Contact us today by submitting our online contact form or calling us at 408.366.8880. We look forward to working with you!

