The Importance of an Incident Response Plan
Cybercrime is big business, and it’s paying well. Even when they aren’t demanding ransom to restore stolen data, criminals can sell it on the dark web or use social engineering tactics like BEC scams to trick companies into sending them money. Recent research by Acronis suggests that in 2023, the average cost of a data breach will reach $5 million. The study found that more than 22% of companies that experienced malware attacks in 2022 were in the U.S., making U.S. companies the leading targets of malware worldwide.
Although some leaders in small to medium-sized businesses (SMBs) may think their companies aren’t big enough for cybercriminals to worry about, nothing could be further from the truth. Smaller businesses are highly attractive targets because they don’t have the vast resources that large enterprises do for internal IT departments and sophisticated security solutions. Research by Coro found that attacks against SMBs increased 150% between 2020 and 2022, so they now face attacks about as often as large enterprises.
While small businesses aren’t likely to suffer the multimillion-dollar losses that large enterprises often do, a data breach can do more harm to a small business than a larger one. Because they tend to be less prepared, it often takes small businesses longer to recover after a breach, which means they lose more as a result of downtime. Many don’t recover at all; frequently cited research shows that 60% of small companies go out of business within six months of an attack.
The costs to small businesses can add up in unexpected ways. Even if you never pay a ransom for your data, recovery involves multiple steps. The U.S. Federal Trade Commission (FTC) recommends the following measures after a data breach:
After a breach, businesses must move quickly to secure systems and remedy vulnerabilities that may have enabled a successful attack. This includes locking physical areas that may have been involved, mobilizing teams to prevent further data loss, and promptly removing any data that was improperly posted on your company’s website or elsewhere. You should immediately take all affected equipment offline, but leave devices turned on until forensic experts have an opportunity to examine them.
Depending on your operation and the nature of the breach, you may need an incident response team that includes a variety of experts.
Once your systems are secure and you’ve taken steps to gather and preserve evidence, it’s time to fix the problems that may have allowed the breach in the first place. For example, if you know an employee fell victim to a phishing attack, you’ll want to make your staff aware of how to recognize these scams and avoid falling for them in the future. Create a strong security culture by adopting and training your employees in best practices like using strong passwords, properly using two-factor or multifactor authentication, and using only secure internet connections to access company systems.
The FTC recommends the following steps when assessing vulnerabilities:
Even the best prevention plans can fail. An incident response plan is critical to limiting your losses in the event of a breach. It ensures your team is ready to leap into action, taking immediate steps to secure operations and minimize damage to your organization. Pendello specializes in providing managed IT services to SMBs, including cyber threat management.