How to Create a Comprehensive Cybersecurity Plan
Keywords: cybersecurity, operations, manage risk
Cybercriminals are actively trying to breach your defenses and steal your most valuable data. The best defense against cybercriminals is to have a plan in place to prevent, detect and respond to a cyber-threat or breach. This plan should document your company's specific capabilities in each area and identify who is responsible for each component of the plan.
Having strong prevention, detection and response capabilities will reduce the likelihood of a breach and minimize the damage should one occur. Follow these best practices when developing your plan.
Prevent Incidents Before they Happen
Mitigation starts with prevention. Examples of preventive controls include backing up and encrypting data, patching vulnerabilities, installing effective email filters, restricting third-party access to company data, and monitoring for data exfiltration.
Since a breach can occur from inside a company, there are a variety of steps that can minimize internal and accidental risks. These include creating and enforcing a workplace security policy; training employees on practices for safe, secure and responsible online activity; implementing strong password requirements; establishing a well-communicated incident reporting mechanism or other communication channel; and conducting rigorous pre-employment screening.
Consider also developing vendor cybersecurity policies and holding partners responsible for adhering to those policies in order to protect the digital ecosystem.
Detecting Threats
The second layer of defense is detecting threats as they materialize. Ensure intrusion detection software, including anti-malware and anti-virus prevention and detection tools, is installed and updated regularly. Use data loss prevention software to control what information end users can transfer outside the corporate network. Detect and prevent unauthorized access to networks and systems. Together, these tools help keep sensitive corporate data from leaving a secure network.
You should also deploy capabilities to monitor your environment for indicators of compromise (IOCs), forensic artifacts that indicate potentially malicious activity on a network. Searching for IOCs such as virus signatures, evidence of malware files and botnet domain names can reveal attack attempts.
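As an added example that is not part of the original article, the following Python sketch shows the kind of IOC matching such monitoring performs: constructed domain and file-hash indicators (placeholders, not real IOCs) are checked against constructed DNS and endpoint log lines, matching domains on label boundaries so that subdomains of a listed domain hit while look-alike strings do not.

```python
import hashlib
import re

# Constructed IOC set (placeholders, not real indicators): botnet domain names
# and SHA-256 hashes of malware files, as a threat-sharing feed would supply.
MALWARE_HASH = hashlib.sha256(b"constructed malware sample").hexdigest()
IOC_DOMAINS = {"botnet-c2.example", "dropper.example.net"}
IOC_SHA256 = {MALWARE_HASH}

# Constructed log lines: resolver DNS queries and endpoint file-write events.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z dns client=10.0.0.12 query=www.example.org",
    "2024-05-01T10:00:02Z dns client=10.0.0.12 query=update.botnet-c2.example",
    "2024-05-01T10:00:03Z file host=ws-17 path=C:\\Temp\\t.exe sha256=" + MALWARE_HASH.upper(),
    "2024-05-01T10:00:04Z file host=ws-18 path=C:\\Temp\\ok.exe sha256=" + hashlib.sha256(b"benign").hexdigest(),
    "2024-05-01T10:00:05Z dns client=10.0.0.13 query=dropper.example.net.evil.test",
]

_DOMAIN_RE = re.compile(r"\bquery=(\S+)")
_HASH_RE = re.compile(r"\bsha256=([0-9A-Fa-f]{64})")


def domain_matches(query, bad_domains):
    """Return the IOC domain if query equals it or is one of its subdomains.
    Matching walks label boundaries, so 'notbotnet-c2.example' or
    'dropper.example.net.evil.test' (a different zone) do not match."""
    labels = query.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in bad_domains:
            return candidate
    return None


def scan_logs(lines, bad_domains=IOC_DOMAINS, bad_hashes=IOC_SHA256):
    """Return (ioc_type, indicator, line) for every line that matches a
    domain or hash IOC; hashes are compared case-insensitively."""
    hits = []
    for line in lines:
        m = _DOMAIN_RE.search(line)
        d = domain_matches(m.group(1), bad_domains) if m else None
        if d:
            hits.append(("domain", d, line))
        m = _HASH_RE.search(line)
        if m and m.group(1).lower() in bad_hashes:
            hits.append(("sha256", m.group(1).lower(), line))
    return hits
```

Running `scan_logs(SAMPLE_LOGS)` flags only the subdomain query and the upper-cased malware hash; the benign hash and the unrelated zone that merely begins with a listed name are left alone.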
Conducting penetration testing on systems, networks and applications can reveal vulnerable entry points that cybercriminals could exploit. Identifying and closing these gaps further reduces the likelihood of an attack.
Respond Quickly
Your plan should also outline the process you'll follow should a breach occur, including what you'll need to do to secure compromised systems and restore normal operational conditions. It should also identify roles and responsibilities for those on the incident response team, a dedicated group who will manage your company's response, including:
- Who will lead the response effort?
- Who will brief the board?
- Who will release a public statement and liaise with the media?
- How will you communicate with customers?
- The process for customers to receive credit-monitoring or other support if they need it
The plan should also detail the process for investigating the breach once it's fixed to determine how it occurred and then update systems, procedures and policies to ensure a similar incident doesn't happen in the future.
Sharing information is an essential component of an effective cybersecurity program. Certain industries have already created cybersecurity networking groups to share cyber-threat information and best practices with other businesses, including competitors, in the interest of protecting their industry. Other industries have been slow to organize such groups, so if one doesn't exist in your industry, consider creating one.
Review, Test, Revise, Repeat
Don't question IF you will experience a cyber incident, but WHEN. You can protect your systems by following cybersecurity best practices. Given the dynamic nature of cyber-threats, simply having a comprehensive plan is not enough. You must routinely review, test and revise these plans to ensure the appropriate teams are ready to respond at a moment’s notice.
Ask these Questions to Better Understand Your Cyber-threats
Do you understand the cyber risks facing your company? Ask your CIO (or IT director/vendor) the following questions to make sure your company is prepared to face evolving cyber-threats:
- Has a formal risk assessment been completed and is this assessment based on industry standard benchmarking?
- If the assessment was completed by an internal group, can we complete an independent risk assessment?
- What are the gaps that were identified?
- What are we doing to close those gaps?
- Is there an adequate cybersecurity program in place, commensurate with the business risks and risk appetite, that takes into account people, process and technology?
- How are threats/attacks communicated to the leadership?
- How often are we conducting penetration testing of our systems?
- What is our formal process to respond to a breach?
- Are we conducting tabletop preparedness exercises to test our response, and how often?
Aman Raheja
BMO U.S. Chief Information Security Officer