Channel Futures

Technology Isn’t Enough When Responding to Crisis

  • Written by Tim Brown
  • May 31, 2018
If everyone is aware of the plan and has been drilled on it, you can hit the ground running — until you realize no one brought their sneakers. Details matter.

The best technology in the world can’t prevent or solve all of today’s business challenges. As trusted IT advisers, VARs and MSPs must always take into account the human element within each and every fire drill they work to avoid or resolve. No matter what type of crisis a customer may face, be it a major cybersecurity incident or downtime caused by a weather event, it’s important to pay as much attention to the nontechnical aspects as to the technology. 

For instance, a business that suffers a security breach has to put people in charge of different facets of the response, from notification to investigation to remediation. The same goes when activating a disaster-recovery plan. MSPs, and all channel partners, should make it part of their charters to help clients with crisis-response readiness. This means preparing them for a situation we and they hope will never happen — but they’ll be glad they were ready if it does.

A recent IBM/Ponemon IR survey shows much room – and impetus – for improvement: Seventy-seven percent of respondents admit they don’t have a formal cybersecurity incident-response plan applied consistently across their organizations. Yet the cost of a data breach was nearly $1 million lower on average when organizations were able to contain the breach in less than 30 days.

There are three main phases to readiness:

1. Pre-Incident Planning: When discussing crisis response, stress to clients that they should approach planning not as if a disaster could happen but as if it will. This creates the right mindset for springing into action when things go haywire. A crisis response procedure – be it an incident response plan (IRP), business continuity plan or both – must lay out all the steps involved in responding to an unexpected event. For instance, who’s in charge of restoring data from backups in case of ransomware, and in what priority? If a cloud service or WAN links are down, what sequence of steps must you follow to get them back online? The plan should specify exactly who does what and when. Include contact information for all service providers and suppliers.

An internal communication strategy is also needed. If employees can’t get into the office, what number do they call, and who will guide them as they activate the response plan? What is the chain of command?

Training is another key component of crisis planning. Employees won’t know what’s expected of them in an emergency if they haven’t been drilled on it. Sending around a document in an email isn’t nearly enough. Any procedure that depends on employees reacting properly must be tested through training and drills to ensure everyone understands their roles in a crisis. There should also be contingencies for cases in which key employees are prevented from working.

2. Model Incident Response In Real-World Mode: Should a crisis occur, a company that has prepared for the nontechnical aspects of response should be able to activate its plan without blinking an eye. The problem is, customers often leave gaping holes in their strategies. We see this again and again with major security breaches, when companies either take too long to disclose a breach or botch the disclosure because they weren’t ready. For instance, the Equifax security breach caused a serious backlash as consumers complained about what they viewed as a tardy and inadequate response.

Bad PR and other collateral damage are avoidable with proper planning and assignment of duties. In a security breach, the security team or the service provider must jump into action to isolate a piece of malware, remove infected machines from the network, assess the amount of damage, initiate the forensics process and start remediation. Depending on the type of breach, the laws currently in effect (hey there, GDPR) and the business involved, there are legal requirements to address. These vary by country and state, so it’s important that the legal team always stay current on breach disclosure requirements, penalties for negligence, and so forth.

On the PR front, a company needs to make a public statement as soon as reasonably possible to address the known extent of the damage and provide assurances that it’s taking the necessary steps to respond and minimize harm to its clients. The statement should be relayed to customers, partners and any other relevant parties. This part of the response is absolutely critical: People typically are willing to forgive a company for an incident, even if self-inflicted, but they’re much less magnanimous if they perceive the response as being botched or handled dishonestly.

As they say, it’s not the crime, it’s the cover-up.

3. Always Improve: Having a crisis-response plan is a necessity in today’s business world. But an IR plan isn’t something you come up with and set aside to dust off later as needed. It should be reviewed frequently to remind employees of their roles and to keep it relevant. It’s critical to test the plan often. The best way to do that is to invoke the plan for important but noncritical events. Take the recent Meltdown and Spectre chip vulnerabilities as an example. Invoking the plan in a case like this allows you to evaluate and do nothing, or decide to apply a patch. If you help a customer invoke its plan regularly, the customer gains valuable practice for those major events that can have a significant impact, while you gain insights into the business that can help you serve it better. As we all know, practice is essential in our line of work.

Tim Brown, VP of security for SolarWinds MSP, has more than 20 years of experience developing and implementing security technology. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the U.S. government on security initiatives, and holds 18 patents on security-related topics.
