Original source: Cohesity
This video from Cohesity covered a lot of ground. Cohesity News selected 5 key moments and summarises them here.
Discover how proactive planning in people, processes, and technology can safeguard your organization against the financial and reputational damage of unforeseen incidents.
Organizational Resilience Requires Proactive Planning for People, Process, and Technology
Building organizational resilience depends equally on people, processes, and technology, according to Aaron Joe. Unprepared personnel, even with robust processes, can lead to chaos and costly delays during an incident, impacting time, money, and reputation. Proactive measures, such as mapping reporting and contractual obligations, identifying key contacts for trust-building, and understanding potential data impacts, are crucial.
Investing in these preparatory steps upfront can significantly reduce time and financial burdens during an incident. Organizations should establish clear procedures and ensure their teams are trained to execute them, building the necessary "muscle memory" to respond effectively when crises arise.
"You could have all the greatest processes, but if your people don't know how to exercise them and use them, then you often end up with chaos and paralysis and delays."
Integrate Ethics with Legal Obligations for Stronger Organizational Trust
Organizations should integrate ethical considerations with legal obligations to build and maintain trust, rather than solely focusing on legalistic analysis. Proactive communication and support following an incident, even if not legally mandated, are crucial for maintaining reputation and preventing worse outcomes. Waiting for external exposure can lead to federal investigations, regulatory issues, and significant damage to an organization's standing.
By owning the narrative and demonstrating trustworthiness through transparent actions, organizations can foster stronger relationships with customers and avoid deeper scrutiny. Providing assistance and conducting thorough impact assessments beyond mere compliance helps build a resilient foundation of trust.
"Not only what am I legally required to do or what are my obligations, but what is the right thing to do for the organization and for the company and for your customers?"
Continuous Preparation and Community Building Key to Incident Resilience
Effective organizational resilience demands continuous preparation, stress testing, and developing "muscle memory" to handle major incidents, which can cause significant emotional and financial fatigue. Organizations often avoid stress-testing their response plans, leading to breakdowns when actual crises hit. Building a robust support community is also critical.
This community should include strong partnerships with data companies, incident responders, law firms, and government agencies like the FBI. Proactive engagement with these partners helps navigate the complex aftermath of a data breach, mitigating prolonged business disruptions and supporting employees dealing with the incident's long-term consequences.
"You need to continually prepare, right? It needs to become muscle memory. You have to test for stress because oftentimes people want to do the tabletop exercises on the easy things, but they don't really want to test for the stress that your organization will encounter in a major incident."
Every Employee's Role is Critical for Incident Readiness
Organizational readiness for incidents hinges on every employee understanding their specific role and function within the response framework. A strong leadership bench, capable of providing 24/7 oversight during prolonged recovery efforts, is vital, as is clear command and control. The general counsel plays a critical role in quarterbacking the recovery, often managing investigative aspects under privilege to benefit the organization.
Timely decision-making, guided by core principles like trust, is paramount. While not every scenario can be anticipated, a well-prepared organization with established leadership, defined roles, and stress-tested principles can respond resiliently to almost any challenge.
"Your organization is not really ready until every person in your organization is ready. If they don't know what their role is in an incident and they don't understand where they fall and function, then you're not really ready."
Organizations Struggle with "Long Data Tail" After Incidents
Organizations frequently struggle with the "long data tail" following a security incident, which extends beyond initial network recovery to encompass complex data analysis. This includes determining if data was accessed or exfiltrated without authorization, proving what was and wasn't compromised, and managing regulatory and privacy obligations related to personal or health information (PII/PHI). Moreover, threat actors often target backups, complicating recovery efforts.
Robust data governance and technical capabilities are essential to trace threat actor actions and confidently assess data impact. Organizations should also prioritize deleting unnecessary data to reduce risk and invest in tools that provide clear insight into data movement and status post-incident.
"When you think of incident response, you typically think about can I get my network and processes back up and running, but you don't always think about the long data tail that follows."
Summarised from Cohesity · 20:37. All credit belongs to the original creators. Cohesity News summarises publicly available video content.