Incident Response planning is complex but essential for when that cyberattack happens because the odds are increasing that it will happen. The problem for most organisations is that they see this as a purely technical issue. As such, responsibility is passed to the IT team to prepare, test and deliver in a disaster. But is that good enough?
Enterprise Times talked with David Gray, Director, Global Digital Forensics and Incident Response Lead at NTT Ltd, about the issue. Gray has been involved in incident response for over 15 years so has been through his fair share of incidents. In our conversation, Enterprise Times asked Gray where do businesses begin when designing their Incident Response plan?
Gray replied, “For an incident response plan you need to have buy-in from your management. You need to be able to understand what is the crown jewels within the business that you are covering. If you don’t know that, then don’t even bother starting.”
In this podcast, Gray talks about what he means by crown jewels. In doing so, he unpicks how Incident Response overlaps with Disaster Recovery and Business Continuity. Note: They are not the same thing despite too many people conflating the terms.
He also addresses the issue of who should be involved, including external people such as legal teams and PR teams. This is where exercises and practice become important. Yet getting all those external teams to participate in practising Incident Response is a real challenge.
Gray also talks about the rise of concerns around OT and how we expand Incident Response to deal with those systems.
To hear what else Gray had to say, listen to the podcast
Where can I get it?
You can listen to the podcast by clicking on the player below. Alternatively, click on any of the podcast services below and go to the Enterprise Times podcast page.