
Responding to Cyberattacks—Creating a Successful Contingency Plan

Published 09/09/2024


Originally published by BARR Advisory.


In today’s digital age, all organizations are exposed to some level of risk. As a baseline, companies are expected to have appropriate controls and safeguards in place to protect their customers’ information—but even the most well-postured organizations may still fall victim to cyberattacks.

A report by Vanta reveals that over two-thirds of businesses say they need to improve security and compliance measures, with almost one in four rating their organization’s security and compliance strategy as merely reactive. So, how can organizations move from a reactive to a proactive stance when it comes to the inevitable exposure to risks and threats?

A significant way organizations can minimize the impact of such events is to create and maintain an appropriate cyberattack contingency plan. Let’s take a look at how to get started and the key components of responding to cyberattacks.


Getting Started with a Cyberattack Contingency Plan

The starting point for a contingency plan is to think about how prepared a company is to resume operations in the event of an attack. In other words, how quickly can your organization recover information and restore operations? Ongoing backups and replication of critical system components are two essential processes in preparing for cyberattacks.


Backups and Replicating Critical System Components

As a crucial element of a contingency plan, backups of critical system components should occur at least daily to ensure these elements of the system are recoverable in the event of an outage. Additionally, critical system components should be replicated across multiple availability zones or regions to ensure the restoration of critical operations in the event of loss of function in the primary region. These two processes should be tested regularly through business continuity and disaster recovery simulations to ensure they function as intended and are ready to respond to an incident.


Responding to Cyberattack Incidents

In addition to preparedness for continuity, organizations must be ready to respond to the incident itself. Every organization should have a well-documented and reviewed incident response plan that details the following key elements:

  • An incident response team or defined responsibilities and people accountable for incident response and reporting activities;
  • An explicit ranking system for the severity of incidents and the tolerable amount of time to remediate based on predefined thresholds of acceptability;
  • A process for tracking an incident and the corresponding remediation procedures;
  • Steps for root-cause analyses, lessons learned, and post-mortem activities to be carried out; and,
  • A designated liaison between the company and affected customers who is responsible for communicating the incident and its impact transparently.

Along with the business continuity and disaster recovery procedures, the incident response plan should be tested periodically through tabletop exercises or other simulations to confirm that it operates as designed.

A company’s preparedness in terms of its day-to-day operations and readiness to respond to a more significant incident gives it the best chance to minimize the fallout of a cyberattack. When combined, these fundamentals of an organization’s control environment create an exceptional cyberattack contingency plan.
