Drill, drill more and drill again
I’ve worked with hundreds of companies over the years and one area I consistently see them struggle with is incident response drills. Sure I see some board level table top simulations but nothing says i’m ready more than practising actual responses.
In table tops people mainly assume the log files exist, they assume the resources are there, they assume the best. I’m not a pessimist but I assume breach and assume things will go wrong (even with preperation).
So to help people I put together an Incident Response planning toolkit workbook. This excel document is a rough guide of different types of incidents and different horror levels (there’s a cool D00M flavoured easter egg in there too). Now one thing, you will need to tailor this. BEC for example can be very simple to repel and remediate, however the cost and impact of BEC can be huge (even if it’s a single mailbox) so take the numbers in here with a pinch of salt and tailor it to suit your needs.
Fail to Plan, Plan to Fail
Failing to plan for a cyber incident both large or small is a sure fire way to ensure you are planning to fail! So with this in mind we thought we’d share a quick workbook to try and kick start your mind into NOT planning to fail!
Here you will find some of the most common scenarios we’ve seen and helped customers with when dealing with a cyber incident. Now look, I don’t mind helping people when the chips are down but if you haven’t planned and you aren’t prepared your likely going to have a really really bad day/week/month/year and whilst we might be able to support you, your probably still going to have a crappy time regardless (we can’t do magic!)
Be safe, be prepared and stay cyber secure!
Until next time! (I’ve added and fixed some bits so now we are at version 1.7)
I saw these the other day which are IR playbooks:
IRM/EN at main · certsocietegenerale/IRM (github.com)
These are good to combine with the workbook.