A plan isn’t successful until it’s put to the test. When it comes to your incident response plan, frequent tabletop exercises are recommended. Given that this takes time and resources, it may be tempting to put incident response planning on the back burner and use your limited resources on more immediate concerns. For small and medium businesses, there is a misconception that they do just that. So how frequently do SMBs really test their incident response plans?
Cisco Product Marketing Manager Hazel Burton sits down with Cisco Advisory CISO Wolf Goerlich to answer this question and debunk some other SMB security myths.
We asked almost 500 SMBs (defined here as organizations with 250-499 employees) this same question. Their responses showed little to no difference in their incident response readiness when compared to larger organizations.
SMB incident response readiness – the facts.
Only one percent of SMB respondents never test their plan; which is identical to the percentage of larger organizations that don’t test. Of the overwhelming 99% of SMBs that reported testing their plan, 45% said that they do so every six months. In comparison, 49% of larger organizations test at the same frequency. So, not only do SMBs prioritize testing their incident response plans, but they test at virtually the same frequency as their larger counterparts.
With almost 100% of businesses testing their incident response plans, there is a clear desire for effective incident response. After all, a well-practiced plan is an indispensable part of incident preparedness. Running tabletop exercises will help your security team remain confident if (and likely when) incidents occur by clarifying what actions must be taken and by whom.
What are some ways to make your plan count when it’s needed most?
Wolf Goerlich recommends practicing your incident response procedures frequently and being as specific as possible.
In his own team, Wolf tests his response plan on a quarterly basis. Gathering your team habitually to talk through what steps should be taken for a specific scenario will keep everyone aware and prepared. There’s a lot of information vying for our attention at any given moment. Practicing incident response often ensures that your plan doesn’t slip through the cracks. This step-by-step approach also helps identify any weaker areas before they are revealed in a high-stakes situation.
Wolf points out that specificity requires looping all team members into your incident response planning. It’s possible that a lapse in communication has created some holes in an otherwise solid plan; keeping everyone on the same page helps fill in these gaps.
Lastly, a good plan should be a relevant one. While practicing incident response, the scenarios used should reflect the most frequent and impactful threats your organization faces. Using our almost 500 SMB responses, we’ve mapped out the most severe threats currently disrupting both small and large organizations. To take a closer look at the SMB threat landscape, check out last week’s blog “SMB Myth Busting: Do smaller organizations face different cyberattacks?”
Note: this blog is part three in a five-part series. Subsequent blogs to follow.
To read the previous blogs in our SMB series, please visit “SMB Report 2020”
You can watch the full Cisco Chat Live discussion here: Cisco Chat Live SMB Myth Busting
If you are interested in unpacking more myths surrounding SMB security, consider reading “Big Security in a Small Business World”