Clients often ask what “cyber hygiene” means and what are some basic things businesses can do to raise their cybersecurity level. As this article points out, every company should have an Incident Response Plan (IRP). In the article, I am quoted for illustrating how many laws and regulations now mandate businesses to control risks through an IRP. The rest of the article highlights the other advantages of the IRP, such as detecting deficiencies in systems controls BEFORE a cyberattack. And that is spot on: actions to improve preparedness have secondary preparedness benefits.
For these reasons, I regularly advise clients to create AND REHEARSE their IRP. Attacks are increasing and becoming more harmful. And now, with AI being deployed by attackers, attacks can occur at scale and with minimal human initiation or management. Years ago, cyber preparedness may have meant hardening for prevention. Some years later, cyber preparedness came to mean detection (i.e., a recognition that entities would be compromised). Nowadays, cyber preparedness means having a pre-arranged cyber crisis team to execute the business’ incident response plan.
OnCall Cyber™ and its CyberJuris Network are correct to inform businesses that the IRP has become a Must Have, and also that it is required in many situations and industries.