Rehearse your response — One of the best ways to determine if your incident response program will work is to engage the entire organization in regular test runs. These will identify potential gaps and oversights in your plan before a real cyber emergency occurs.
Invest in centralized resources — Ensure you are investing in up-to-date tools to keep pace with online criminals. Then, establish a centralized communications dashboard – a hub where incident response team members can both access these cyber security resources and provide updates to your organization concerning current threats and ongoing investigations. Staff can also use this hub to report signs that signal a threat, such as purged logs, failed authentications and interactive log-ons.
Prepare the frontline — Incident response teams won't always be the first at the scene. Determine where cyber threats are most likely to originate and train staff in those positions to capture a memory image of the system, and document their activities. Otherwise, knee-jerk reactions (for example, running anti-virus software or deleting files) may make it more difficult to fully resolve an issue.
Engage players — Provide education to players to help them identify and stop cyber scams at their source. This will position your organization as an authority in online security and help make sure threats are brought to your incident response team's attention instead of being dealt with (or ignored) by those who aren't trained to handle them properly.
About the author:
Kevvie Fowler, KPMG Partner, is a Cyber Security & National Cyber Forensics Leader. Paul Hanley, KPMG Partner, is a National Cyber Security Services Leader. To learn more about cyber security and how KPMG can support your organization, visit www.kpmg.ca/cybersecurity or reach out to Kevvie Fowler (email@example.com | 416.777.3742) or Paul Hanley (firstname.lastname@example.org | 416.777.8501).