Since it’s almost certain that every organization will experience a cyber security incident at some time, you need to be well prepared in advance.
According to the 2013 Verizon Data Breach report, 22 organizations, mainly in manufacturing and professional services with only one to 100 employees, became a victim to cyber espionage last year. And 23 firms, mainly in manufacturing with 101 to 1,000 employees, also were breached.
If you don’t have a Computer Incident Response Plan (CIRP), resolving an incident will be much more difficult on your company and much more expensive. Because the longer you wait to eradicate a threat, the more time the intruders have to steal valuable information on you and your customers, and to make fraudulent wire transfers from your banking accounts.
The most successful CIRPs have been validated by outside incident response security consultants who have reviewed the plan, watched you rehearse it thoroughly in “tabletop exercises,” and helped you revise it as needed.