By Patrick Wragg on March 30, 2021

5 Incident Response Best Practices You Should Know About


With cyber criminals developing more sophisticated online and offline threats, security breaches are a matter of when, not if. In fact, 65% of security professionals believe they will be dealing with a major breach within the next 12 months, and with the average cost of a data breach totaling over $3.86 million, the stakes couldn't be higher.

It only takes one security breach to cause catastrophic financial and reputational damage and leave you open to legal liabilities. As a result, detecting and remediating security incidents fast is essential for reducing the impact of a "successful" attack.

Having a proactive incident response process is a must to ensure your employees know how to respond to security breaches intelligently and effectively. Below we're going to look at five incident response best practices you can use to improve your data breach resolution capabilities. 

1. Create an Incident Response Plan

One of the simplest ways you can prepare for security incidents is to build an incident response plan. Creating a clearly defined incident response plan will enable you to outline procedures for detecting, controlling, and remediating security incidents so that employees know how to respond to security events when they occur.

According to the SANS framework, your incident response plan should include six steps: preparation, identification, containment, elimination, recovery, and a post-incident review process. We recommend basing your plan on SANS recommendations to ensure that you have a comprehensive incident response procedure in place to deploy during emergencies.

2. Produce Threat-Specific Incident Response Playbooks

No two cyber threats are the same, and employees need to know how to respond to different threat scenarios to remediate incidents quickly. One effective way to educate employees about cyber threats is by creating a series of incident response playbooks that provide an overview of specific cyber threats and how to mitigate them. 

For example, threat playbooks can explain how common cyberthreats like malware, ransomware, phishing attempts, and DDoS attacks work and outline what actions an employee can take to protect key systems during each scenario. You can also circulate playbooks via email updates to regularly raise employee threat awareness.

3. Create a Communication Plan 

Your employees are your first line of defence against cyberattacks, so setting out a communication plan with a standardised process for employees to report cyberattacks and coordinate remediation attempts is critical for containing incidents. Your plan should highlight who to contact to report a breach and the roles/responsibilities of each employee.

It should also include a process for notifying regulators about past data breaches. For instance, if you collect the personal data of EU citizens, then your communication plan should have a section outlining a procedure for contacting the ICO within 72 hours of a data breach, so you're not vulnerable to being fined. 

4. Outsource to an MSP If You Don’t Have the Necessary Expertise

If you're one of the 22% of organisations that report having limited resources available to respond to a security incident or your team doesn't have the necessary cybersecurity expertise, then signing up for managed incident response services is one of the most cost-effective ways for you to contain security events in the shortest time possible. 

A managed incident response service provider will provide you with on-demand access to an experienced team of cybersecurity experts who can provide emergency support during a cyberattack and proactive guidance on building a high-level internal incident response plan.

5. Keep Your Incident Response Process Simple 

An effective incident response process is all about simplicity. If your response process is too complex, your employees will struggle to implement it during a live attack. Taking a few basic steps like building an incident response plan, communication strategy, and threat-specific playbooks will dramatically enhance your ability to respond to threats. 

However, if you want to optimise your event resolution, it's a good idea to work with a managed incident response service provider. An experienced provider can offer support to help you resolve security incidents faster so that you have peace of mind that your business can fend off even the most experienced cybercriminals. 


