Incident Management
Incident management is a series of steps taken to identify, analyse, and resolve critical incidents which could lead to issues in an organisation. It should also be about effectively planning and preparing for incidents.
Incident management is often thought of as purely reactive, i.e. it is only done if an incident occurs. In my opinion, there needs to be an element of proactive incident management built into the overall approach to managing incidents.
This becomes critical when an incident occurs and the level of support needed to manage it effectively is not in place. The unfortunate result is often higher risk and a greater likelihood of damaging consequences.

How can you take a proactive approach?
My view is that there are two additional steps in the incident management process, as described below.
Therefore, the incident management process should consist of:
- Planning – the review of how effectively you can manage incidents of different types.
- Preparation – the activities required to ensure that the organisation is ready to manage incidents.
- Identification – being able to identify and log incidents as and when they occur.
- Containment – ensuring that the incident is contained so that no further damage can be done.
- Root Cause Analysis – the assessment of how and why an incident occurred.
- Recovery and Remediation – the tasks required to recover from the incident and any remedial tasks needed to ensure that the risk of it happening again is reduced.
- Evidence Collation and Management – once the incident has been effectively dealt with, all evidence relating to the incident should be collated and stored securely.
- Lessons Learned – the review of what can be learned from the incident, fed back to reduce the risk of future occurrences and to reduce their impact.
The proactive steps obviously relate to prior planning for incidents and to ensuring that effective preparation is in place.
Planning for incidents
All organisations will have incidents to manage; it’s an inevitable fact of modern digital ways of working.
So it’s really not a case of whether I will ever get an incident, it’s a case of when I will get one. Hence the priority that needs to be assigned to prior planning.
Questions that need to be addressed:
- Do I have the skills needed to effectively manage incidents?
- Do we know the legislative requirements that need to be followed?
- Do we have the process and procedures well documented and tested?
- Are we able to properly analyse our IT landscape to assess the level of containment and when we need to do root cause analysis?
- Do our partners have the skills to support us?
- Are we contractually covered for incident management support?
- Do we have robust and tested Disaster Recovery and Business Continuity Plans?
- Do we have a Communication Plan for key stakeholders?
If the answer to any of the above questions is ‘no’ or there is a level of uncertainty, then the reality is that you are probably not ready to effectively manage an incident.
Preparation for incidents
Organisations should properly prepare for incidents. There are legislative requirements to support this stance that many organisations are unaware of. Proper preparation would include:
- Bridging the skills gap (e.g. outsourcing incident management).
- Implementing the minimum legal requirements (e.g. readiness to manage an incident and log the details).
- Having documented processes and procedures in place.
- Ensuring that Disaster Recovery and Business Continuity plans are well documented and tested.
- Being aware of the regulatory requirements around incident reporting (in the case of personal data breaches).
- Implementing technical solutions to minimise the impact of an incident such as a data breach.
- Being confident that the IT environment is well documented, containment can be facilitated and root cause analysis undertaken.
- Having a secure repository for incident evidence storage.
- Ideally having implemented forensic analysis tooling and services so that containment, root cause analysis and recovery can all be done faster, resulting in reduced risk of damage.
What risks is my organisation exposed to if I haven’t planned and prepared properly?
This is fairly obvious: the likelihood of an incident resulting in financial loss and damage to reputation is far higher than it would otherwise be.
For example, in the case of a data breach, a threat actor may be able to:
- Infiltrate your IT landscape without detection.
- Move laterally across your IT landscape, making containment far harder to achieve.
- Encrypt data sources and prevent restoration from back-ups.
- Disrupt the business in multiple ways, possibly even requesting a ransom to restore your systems and data.
Note – Another factor could be regulatory penalties, due to non-adherence to data protection legislation in the way that the incident has been managed. EU and UK data protection legislation allows regulators to fine organisations up to 4% of their global turnover in the event of a breach of the legislation.
Avoidance of Risk
Organisations can significantly reduce their risk exposure through effective, proactive incident management.
Get in touch with our team to discuss our incident management services.