Incident response (IR) is a significant challenge because organizations are often shellshocked when faced with a cyberattack. IR teams may have the right skills to react to and resolve security events, but a lack of preparation can exacerbate the problem at hand. To carry our their missions quickly and completely, IR teams need unfettered access to network resources. But they also need to do a better job of communicating with and advising business leaders and other nontechnical stakeholders in the event of a breach.
Preparing for Disruption
Cyberattacks always come as a surprise. They could be discovered by a rank-and-file employee who receives a notification that his or her system is locked, along with a demand for a ransom payment. Or perhaps the security team detects a breach and takes action to halt the attack.