Having a comprehensive and effective business continuity plan (BCP) in place is a critical part of disaster planning and recovery for all businesses. However, not all financial institutions consider that a cybersecurity incident is just as large of a threat to their operations and protection of customer data as a natural or man-made disaster. These types of incidents can be just as devastating as a fire, earthquake or tornado – and often require a different set of steps when responding to the threat.

A comprehensive BCP considers all types of threats and contains a broad response and recovery plan that could be used for all disaster scenarios. However, a cybersecurity threat may call upon a different team of subject matter experts to lead your financial institution through the response to that threat. A cybersecurity incident response plan could be a separate document from your BCP, but it can also be built into your BCP – both ways are effective as long as you’ve identified the difference in how to respond to these threats and the difference in roles and responsibilities when responding.

The following key thoughts are often included in both a BCP for natural disasters and a cybersecurity incident response plan:

  • Program initiation as the threat/situation is identified
  • Operational analysis to determine the extent of damage to normal operations
  • Recovery strategy determination
  • Response plan development
  • Roles and responsibilities of the response team and recovery team
  • Testing and training to prepare for the threat/situation

The following items are often specific to a cybersecurity incident response plan:

  • Roles and responsibilities are often filled by IT or security experts, rather than operational experts
  • How to limit the spread of the threat to other systems, employees or customers
  • Decision tree to determine the extent of the threat and when to contact the proper authorities/law enforcement
  • Decision tree to determine if additional security experts need to be hired to eradicate the threat

Cybersecurity threats are constantly evolving, as those criminals engaging in these activities continue to build their own skills at infiltrating legitimate businesses through a variety of methods – the most common being social engineering. We recommend engaging in an annual assessment of your preparedness to face a cybersecurity threat. An effective way to do this would be a cybersecurity incident response tabletop exercise, similar to a business continuity tabletop exercise. Try to engage in both common threats seen often in your industry, but also those that are less common and potentially more complex.

Engaging in these scenarios with your cybersecurity incident response team will help ensure you are as prepared as possible for the potential of cyber criminals attacking your institution. A few types of scenarios to consider are:

  • Basic phishing of end users
  • Malware downloaded via email, USB, etc.
  • Unauthorized computers and devices on the network – can lead to a breach of your network
  • Distributed denial-of-service (DOS) attack
  • Ransomware

RSM provides compliance services for financial institutions, along with other technology, security, and infrastructure services to help better secure your systems and the critical data they contain. To find out more about this or other ways RSM can assist you with your business needs, contact RSM’s management consulting professionals at 800.274.3978 or email us.