The latest business continuity news from around the world

Cyber incidents: businesses urged to ‘be prepared, be proactive and practice, practice, practice’

Based on three years (2016-2018) of cyber incident response plan assessments and data breach simulations conducted by Verizon for its customers, the new Verizon Incident Preparedness and Response (VIPR) Report gives organizations strategic guidance on creating effective and efficient incident response plans.

“Companies think that having an incident response plan on file means they are prepared for a cyber attack. But often these plans haven’t been touched, updated or practiced in years and are not cyber-incident ready,” comments Bryan Sartin, Executive Director, Verizon Global Security Services. “Having an out-of-date plan is just as bad as having no plan at all. Incident response plans need to be treated as ‘living documents’, regularly updated, and breach scenarios practiced in order for them to be truly effective.”

Verizon experts have identified the six typical phases that every incident response plan should contain:

  • Planning and preparation – this includes constructing the incident response plan to include key internal stakeholders and third parties - crucial for an effective response.
  • Detection and validation – detect and classify cyber-security incidents by severity level and source early in the incident response process.
  • Containment and eradication – focus on containing and eradicating cyber-security threats.
  • Collection and analysis – collect and analyse evidence organisations to shed further light on cyber-security incidents; helping with effective data breach containment, eradication, remediation and recovery activities.
  • Remediation and recovery – provide remediation and recovery measures; specifically, describe those actions to not only ensure operations are recovered and restored to normal but to also prevent or mitigate future incidents.
  • Assessment and adjustment – feed post-incident lessons-learned results back into the incident response plan to improve cyber-security metrics, controls and practices.

The VIPR Report also includes five ‘Breach Simulation Kits’ consisting of real-world scenarios to provide organizations with the content to facilitate their own mock incident table-top exercise.

The complete Verizon Incident Preparedness Response Report is available to download on the VIPR Report resource page.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.