Preparation is the key to quickly (and quietly) resolving cyber incidents

By Guy Barnhart-Magen, CTO & Co-Founder, Profero

When you need to deal with a cyber incident, you want to minimize the damage and resolve the situation quickly – and quietly. The best way to do that is to be prepared. We usually hear about attacks only when they aren’t resolved swiftly or under the radar; the organizations behind the attacks you don’t hear about achieve that by having a plan in place and rehearsing it.

Incident response planning is key to mitigating the damage of a cyber incident

By preparing for an incident ahead of time, you can ensure that you are ready to deal with it. Having a plan in place will help you stay organized and focused during an emergency, which can be critical to resolving the situation quickly.

In addition to having a plan, it is also important to rehearse your response to a cyber incident. This will help you ensure that everyone knows what to do in the event of an incident. It is also an excellent way to identify any potential weaknesses in your plan so you can address them before an incident occurs.

Preparation and rehearsal are the keys to a quickly resolved cyber incident. By planning and preparing, you can reduce the risk and focus your organization’s resources on fixing and remediation efforts.

Being able to respond is just as important as your ability to detect

Detecting a cyberattack is essential, but it’s not enough. You also need to plan how you’ll respond when an attack happens. That’s where Incident Response comes in. Incident Response (IR) is the process of detecting, responding to, and recovering from a cyber incident. A solid IR plan can get your organization back to business quickly.

Incident Response starts with preparation. You need to plan for what you’ll do if an attack happens. This plan should include whom to contact, what steps must be taken, and how to communicate with everyone involved. You should also rehearse your plan regularly so that everyone knows what to do in the event of an attack. An IR plan also has a solid technical aspect: you need to make sure your IR team has access to all relevant systems, logs, and data so they can respond quickly and confidently when the call comes.

Incident response is often reactive instead of proactive. Too often, businesses wait until they experience an incident before taking steps to reduce the blast radius. Companies can take proactive steps to minimize the blast radius of a future incident by routinely performing compromise assessments, closing gaps, and resolving issues. A compromise assessment is an in-depth analysis of your current security posture. It helps identify gaps in your security readiness and provides recommendations for improvement. Resolving issues identified in a compromise assessment helps further reduce the blast radius by ensuring that your systems are correctly configured and that your employees know the best practices. These steps taken today will help you be better prepared for tomorrow’s incident.

Once an incident has occurred, you’ll need to take quick action to contain the damage and prevent further attacks. This may involve disconnecting from the network, restoring from backups, or taking other steps to get your systems back up and running. You’ll also need to communicate with everyone involved in the response, including management, IT, and law enforcement. A professional IR team will take time to understand your system and business; prior knowledge of your network, procedures, and industry will significantly improve their ability to respond and effectively contain any threat.

What preparedness looks like in reality

Several months ago, we helped two different customers whom the same group attacked. This was an interesting test case as the two companies were very similar in size and market. They were also located in similar geographies and used many of the same service providers. The only difference was that one company had a robust incident response plan while the other did not.

The company without a plan was caught entirely off-guard by the attack. They had no idea what to do or whom to turn to. They were also worried about the publicity that would come with admitting they had been hacked. As a result, they tried to keep the incident quiet and handle it internally. This was a mistake.

The hackers relentlessly attacked and quickly gained access to sensitive data. The company eventually had to go public with the news, which resulted in significant reputational damage, lost customers, and a drop in its stock price.

In contrast, the company with a plan was able to contain the damage quickly. Our team was activated and immediately began working to eradicate the attack. They also contacted their service providers and law enforcement to get additional help. As a result, they resolved the incident quickly and with minimal damage.

The difference was striking, and our long-standing customer’s preparedness helped us reduce the time to resolution to several hours, while at the other company, it took days!

The moral of the story is that preparation is critical. If you want to be able to quickly and quietly resolve a cyber incident, you need to have a plan in place before it happens. Incident response is not something you can improvise; you need to rehearse.

Preparation is critical – have a plan and practice it regularly

Incident response planning is vital for every organization. Having a plan in place and periodically rehearsing it can shorten the time it takes your organization to detect and respond to an incident. This will help you stay calm during an emergency and get things back under control.

It’s also essential to have a response plan tailored to your organization’s specific needs. This will ensure that you are prepared for any incident that may occur.

One of the best ways to reduce exposure to a cyber incident is to know your data and where it’s stored. This will help you be aware of any potential vulnerabilities and take steps to mitigate them. This cannot be emphasized enough; by utilizing the time you have when there are no incidents, you can better prepare and, in reality, reduce the scope of future incidents.

Finally, make sure you have a plan in place for how you will back up your data. This will ensure that you have a copy of your data if it’s lost or destroyed during an incident.

Incident response preparedness is critical for every organization and can help you get back on your feet after an incident occurs. So, don’t wait – start preparing today.


Cybersecurity is all about risk management. You can’t prevent every incident, but being prepared reduces your risks and readies you for the incident when it comes. The best way to do this is by having a plan and rehearsing it regularly. Detection is essential, but your response is just as critical. Being able to respond quickly and effectively will help you minimize the damage.

You are probably asking yourself, what can you do to get started? The best way is to have a plan and practice it regularly. That might sound like a lot of work, but the truth is that if you don’t have a plan, you’ll be working even harder during an incident. And we all know how that goes – something always comes up at the last minute.

Start your preparedness journey today and minimize your risks!
