NZ Incident Response Bulletin - February 2024

The February edition of the NZ Incident Response Bulletin was published today. The bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Each Bulletin also includes a section of our own content, based on a trending theme, this month's being “Incident Response Preparation”.

Each article contains a brief summary and where appropriate, a linked reference on the web for detailed information.

We'll give you a brief summary of each article, and a link to more information. Why do we publish this bulletin? Because we want to keep you up to date with the latest Forensic and Cyber Security news, so that you aren't caught by surprise - and you'll know about risks and changes before they become problems.

Our Views:

Incident Response Preparation

Following on from last month's bulletin where we set out a list of cyber must haves for 2024, this month we focus on incident response preparation.

The first step to ensure your organization is better equipped to deal with a cyber incident is to ensure cyber is well understood across the executive, the board, and the business units.

We have found that those who have understood their cyber risks, and are proactively taking steps to mitigate these and any emerging ones, will often be asking themselves “how would we actually respond to a cyber incident?”

Assembling the appropriate documentation is key at this point. This will include general business documents such as a crisis management plan, a disaster recovery plan and a business continuity plan. Then a cyber incident plan will assist in governing the actions of the computer incident response team from a high level. More detailed information would be contained inside of a playbook for specific attack types such as ransomware and business e-mail compromise. At its most detailed level the technology team may also have runbooks, which specify exact step by step actions that need to be taken to respond and recover.

It is important to follow guidance from those organisations that are well versed in providing direction. These include the New Zealand government Coordinated Incident Management System (CIMS) and the incident response framework from the National Institute of Standards and Technology (NIST) in the United States, along with several others which we have referred to over the last five years of bulletins.

For those looking for an easy one, you can take a turnkey solution to a cyber incident response plan and spend an appropriate amount of time to tailor it for your organization. These do not need to be started from scratch.

Once you have your incident response plan drafted, or updated if one was already in place, you then need to exercise it through a cyber incident simulation. These workshops always prove to be a useful investment of everybody's time and provide an opportunity for immediate observation and feedback to further improve the organisation’s cyber resilience.

Simulations may involve many representatives from across the executive and business units. Alternatively, a more focused group may include risk and legal representatives or board members for ultimate decision making.

Another benefit of bringing the team together is to give them an opportunity to work out how best they coordinate the activities that are planned and track progress through to completion. We find that the use of an electronic control room greatly benefits the computer incident response team’s ability to manage this.

Finally, in addition to documentation and simulations, there is also a range of other important factors to consider, such as:

· Roles and responsibilities of the computer incident response team

· Escalation points

· Public relations

· People and culture

· Forensic expertise

· Legal expertise

· Regulatory requirements

· Insurance requirements

If you have not already done so, we would encourage you to consider the above without delay, and to ensure your organisation has a suitable incident response plan and is ready to act should it be required.

The Bulletin:

To obtain a full copy of the Bulletin, please visit https://incidentresponse.co.nz/bulletin

Grant McKechnie

Experienced ASX Top 50 CISO | CSO | Cyber Security Expert | 2022 APAC Top 10 CISOs

9 months ago

Great read! Always love your work!