CyberScotland releases Incident Response Guide to prepare businesses for cyberattacks

CyberScotland has published a new Incident Response Guide to provide practical advice to Scottish businesses on handling a cyber incident. 

The free Scottish government-backed guide is designed for and best suited to small/medium businesses that lack in-house incident response teams or do not have an incident response plan in place—according to UK government statistics only 38% of businesses and 42% of charities have a formal policy covering cybersecurity risks.

The guide includes advisory documents on several key aspects of effective cyber incident response, including:

• A checklist to help prepare for, respond, and recover from cyber incidents
• A document for capturing business emergency contact details
• Incident response communications guidance, including questions to address when planning and dealing with a crisis
• Information on the key commercial and legal implications of a cyber incident, including guidance on cyber incident reporting requirements

Building cyber resiliency amid rising cyberattacks

Commenting on the launch of the guide, CyberScotland partnership chair Jude McCorry says it is part of a wider goal to help make Scottish businesses more cyber resilient. “The Incident Response Guide is an extension of this. We designed it so that business owners and leaders can pick it up and use it straight away.”

McCorry adds that, with the threat of cyberattacks greater than ever, it is no longer an option for organisations of any size not to have an adequate incident response plan. “Businesses must be proactive when it comes to protecting themselves. This new guide will ensure they not only understand the benefit of being proactive when it comes to IT security but also ensure that their teams are aware of the role they play too—particularly when welcoming new team members.”

Speaking to CSO, cybersecurity thought leader and author of Cybersecurity for Beginners Raef Meeuwisse says CyberScotland’s guide is a useful, high value piece of kit for small and medium businesses. “It’s concise, clearly written, and it covers all the main points of cyber resiliency. If only all government cyber packs could be this brilliant. It proves that steps towards cyber resilience are actually much more straightforward and logical than many people think.”

Former member of the Europol Cybercrime Centre Advisory Group on Internet Security and founder of cybersecurity consultancy BH Consulting Brian Honan concurs, adding that the guide is indeed well crafted to support businesses in their cyber resiliency efforts. “In today’s environment, it is not a question of if you will suffer a security breach, but more a question of when you will become a victim. The time to plan how you respond to a cyberattack is not during the attack, but before. The Incident Response Guide provided by CyberScotland is an excellent resource for organisations to lay the groundwork and be prepared so that they can respond is a structured and managed way.”