By Brad Atkin, CPA, CISA, CITP, SOC – Practice Leader, IT Advisory and Security Group

Q. Outside of keeping our company’s systems protected from phishing and vulnerabilities, what is the most important cybersecurity area we should be focused on as a closely held business?

While the largest threats to a closely held business continue to be malware, ransomware and general hacking, many forget to focus on developing response and recovery controls to ensure survival in the wake of an unwanted attack.

Small to mid-sized businesses have continued to make strides to identify issues, protect their network through tools or partnerships, and detect nefarious activity over recent years. However, the “bad guys” have also continued to make strides in finding new ways to get through system firewalls and wreak havoc on businesses.

On average in 2020, IBM estimates detection and escalation costs to be almost $1.11 million per breach. The three largest cost mitigators throughout the country were testing an incident response plan, having a business continuity plan and the formation of an incident response team. Each of these steps reduced the overall cost of a breach by close to $300,000. This is why having strong response and recovery controls is so important.

Response controls deal with planning, communicating, mitigating and improving activities. Proper planning and communication result in personnel knowing their roles, incidents being reported correctly and in a timely manner, and coordination with stakeholders. Analysis, mitigation and improvements help with proper investigation, understanding the impact, containing the problem, mitigating its effects and resolving the incident while learning lessons and updating strategies.

Recovery controls relate to planning, improvements and communication around the recovery of your system from the event and the communication to everyone affected. An incident may involve proper coordination with external parties such as Internet Service Providers, owners of attacking systems, victims and customers or vendors. Having a plan ahead of time can help coordinate post-attack efforts and reduce the risk of losing customers due to a breach.

You can work with a third-party advisor, such as Doeren Mayhew’s IT Advisory and Security Group, to help better understand these controls and processes, as well as help you get the right ones in place for your business. Contact us today to learn more.