Who do you call? Outside partners can be critical post-breach assets

Growing numbers of companies understand the importance of proactively planning their responses should they suffer some form of cyberbreach. To ensure they’re well prepared, organizations have created incident response plans and teams, run through tabletop exercises of different breach scenarios, and made sure everyone from their IT security pros to their corporate lawyers to their PR specialists understands the role they must play should a cyberincident occur.

Still, many incident response plans lack a vital element: the inclusion of outside incident response partners. Companies rarely have all the in-house talent required to execute every aspect of a post-breach response, in part because that talent can be both rare and expensive. Even though there is a high probability that most companies will suffer one or more successful cyberattacks, it can be tough to justify hiring a complete staff of incident response specialists for those (hopefully) rare occasions.

That means that as part of your incident response planning and preparation, you need to carefully assess your company’s internal capabilities, and then project them into different incident response scenarios. It’s likely you’ll find some needed skills wanting. Perhaps you’ll require computer forensic experts to help identify and eliminate the mechanism of attack. Maybe you’ll need help in crisis management and post-breach communications. Or you may require help from law firms that specialize in reducing any liability exposure your company might face.

Law enforcement and regulatory agencies are among the other external actors likely to play important roles following any significant breach. As such, every incident response plan should include contact information for these agencies, as well as their areas of oversight and enforcement.

That said, simply identifying the outside groups or individuals whose help you might want to enlist is only the first step. You need to build relationships with those partners – and possibly place them on retainers – well before you’re attacked.

As the AT&T report Cybersecurity Insights notes: “Companies that wait until they’re in post-breach fire-drill mode to seek outside help have likely already fallen behind in their response.”

Beyond assisting you after an attack, people or firms that specialize in different incident response disciplines can also often help you prepare ahead of one. You might want to have them train your own staff, for example, or participate alongside your internal team in different incident response drills and scenarios.

On the law enforcement and regulatory front, you would be wise to proactively prepare templates of notifications that your company is required to make following a breach. Knowing the agencies involved, connecting with them prior to a breach, and rapidly meeting any of their notification demands can help smooth post-breach interactions that might otherwise be contentious and unproductive.

For some time, companies have tried to establish 360-degree visibility into their operations and markets. When it comes to incident response, they need the same full-scope visibility and preparedness. More often than not, this level of comprehensive incident response planning will require enlisting multiple outside experts well before any cyberattack occurs.

Dwight Davis has reported on and analyzed computer and communications industry trends, technologies and strategies for more than 35 years. All opinions expressed are his own. AT&T has sponsored this blog post.
