The Importance of Practicing Incident Response

Reading Time: 4 minutes


During times of stress, you can find kind people helping. Unfortunately, you can also find people trying to exploit vulnerabilities created by fear and confusion. Within the last few months, we have seen confusion, fear, and sometimes even panic within our society. Organizations were forced to change their day-to-day procedures almost overnight. A lot of companies adapted to a remote workforce gracefully, while others struggled. Everyone faced challenges, from daily operations updates to cybersecurity concerns. All of these changes and struggles left vulnerabilities open for exploitation.

Attacks from all sides

The Sikich Cybersecurity practice saw an uptick in phishing emails being sent with COVID-19 pandemic-related information. Your organization may have a robust cybersecurity practice, but all it takes to open up your network to an attack is one person to click on an email, open an attachment, or simply visit a website.

We also saw large numbers of employees being laid off or furloughed at different organizations. While people tend to picture cyberattacks as originating from outside of an organization, attacks can also come from a disgruntled employee or even a vendor’s system connected to your network.

Attacks can happen anywhere at any time, so it’s important for the entire organization to know what to do if there is an attack. All companies should have an incident response plan.

Practicing Your Incident Response Plan

Let’s assume your company does have a cybersecurity incident response plan. Your IT department should be well versed in this plan as they were likely involved in creating it and they (hopefully) work to keep it updated. What about other departments within your organization, like Accounting, Human Resources, or Sales? Do these departments know what to do when an incident occurs? Do they know what an attack might look like? Instead of just crossing your fingers and hoping that they do, it is important to practice your incident response plan. For example, try conducting a tabletop exercise to make sure everyone is prepared.

Everyone thinks they know how they’ll react in specific situations until those situations actually happen. There are many benefits to running a cybersecurity tabletop exercise. Performing such an exercise tests your team’s responses under pressure. It will help uncover weaknesses to show you where your incident response plan can be improved. It will also help identify updates needed to make sure your incident response plan takes into account the latest threats and attack vectors.

Conducting a tabletop exercise helps make sure all departments understand their role in the event of an incident. Perhaps one of them does not understand the impact that their team’s behavior may have on the security of the entire network. The tabletop exercise will show everyone how malicious a phishing email can be, and how clicking on just one email or one link can allow someone to gain access to your system. It will also help them understand what happens to the rest of your systems if an attacker is able to gain a foothold.

Update security procedures

With all the changes that were made to operations in almost every industry due to the COVID-19 pandemic, it is important that your organization also makes appropriate changes to security procedures. Your team needs to understand how to prevent an incident from occurring. However, if one does occur, they need to know how to quickly recognize it and properly respond to it.

If your organization is interested in learning about how an incident response tabletop exercise could better prepare your team to navigate a potential cybersecurity incident, reach out to our team and we will be happy to design a service to meet your goals.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.


Join 14,000+ business executives and decision makers

Upcoming Events

Upcoming Events

Latest Insights

About The Author