Are you prepared for a cyberbreach?

people in business meeting

Every day, it seems, another cyberattack hits the news.

No one is safe. Hackers even recently launched assaults against the servers supporting the Pokemon Go game. That’s how common cyberattacks have become.

Still, many companies aren’t prepared to fend off cyberintruders. Recently, I joined Todd Waskelis, executive director, AT&T Security Consulting, for a webinar that examined why and how you should prepare for a cyberbreach.

The why part of the equation should be obvious. Organizations of all sizes and types face a growing variety of threats, from traditional distributed denial of service (DDoS) attacks to more concealed — and usually more damaging — ransomware.

In a survey we conducted in 2015, 62 percent of the responding businesses said they had been breached. Yet only 34 percent of the companies in the survey reported having an effective incident response plan, despite the fact that cyberattacks can literally take a business out of business by damaging its credibility and its bottom line.

Not If, But When: A CEO’s Guide to Cyberbreach Response from AT&T

Effective planning is the best protection

Malware protection, firewalls, segmentation to help protect traffic in transit, and other measures are all great defenses, especially when applied in a layered approach. But at the end of the day, as Todd emphasized during the webinar, you must have a plan to respond and recover in case an attack is successful.

Here are four steps to help you get started on your plan.

1. Evaluate your security needs

Todd explained that a good response plan is not one you pull out of a book or from an online resource, but one that is tailored to your organization.

To start, consider what your critical assets are, what processes and people could be impacted by a breach, what type of data you store, and what kind of impact having that data stolen or manipulated could have.

2. Identify your resources

Next, make sure you have the proper resources in place to carry out your plan.

I find that one of the biggest obstacles to implementing an effective plan is figuring out who should be on the response team. Don’t leave it solely to your security team.

A breach won’t just affect the security staff; it will impact the entire company, so your response team should include representatives from across the business.

The legal team should be there to evaluate legal implications. Other members of the IT team should be there. Public relations and communications staff should be called in to help plan the public response to the breach. And your C-level team must be involved to provide leadership and a sense of control to the team.

3. Practice, practice, practice

Once you’ve identified the response team members, you must—as Todd likes to say—plan the work and work the plan. Don’t file away your plan on an internal website or shared drive and forget about until you need it. Practice.

Conduct drills and tabletop exercises. Go through mock scenarios of lost laptops, DDoS attacks, and other possible breaches. Observe team members and their responses, and provide feedback to help them improve their performance.

4. Consider involving third parties

Some companies hold drills using their staff only. Others bring in third parties who can look at the situation with unbiased eyes and offer advice that could make the response more effective.

Some companies, especially small and midsized businesses, may also choose to bring in third parties to manage all or part of their security efforts. For organizations without a lot of high-level security expertise in-house, allowing a provider to help define and run their security plan can be the best route in terms of cost and effectiveness.

Learn more about preparing for a cyberbreach

During the webinar, Todd and I also discussed other aspects of an effective response to a cyberbreach:

  • Steps you should take in the first 24 hours after an incident
  • How and why you should train all your employees on cybersecurity
  • Four levels of readiness for a cyberattacks
  • Importance of investing in prevention and detection technologies to help defend against day-to-day threats

To hear our entire discussion and our answers to some of your colleagues’ questions about cybersecurity, watch the replay of our webinar, “Not If, but When: The CEO’s Guide to Cyberbreach Response.” You can find the accompanying SlideShare presentation on LinkedIn.

You can also download the most recent AT&T Cybersecurity Insights, “The CEO’s Guide to Cyberbreach Response.” And visit us online to learn how AT&T Network Security solutions and services can help you develop a cybersecurity strategy that will help secure your business-critical assets.

The bottom line: Be as secure as you can be. Your response will determine whether the breach is a minor footnote or major disruption.


Jason Porter Security Solutions Vice President AT&T About Jason