Patricia Clay, CIO at Hudson County Community College and co-chair of the Higher Education Information Security Council at EDUCAUSE, says that when an attack happens, taking a wide view is imperative.
“I always tell people, your first step should be to suss out exactly what’s happening,” she says. Most incident response plans hinge on the nature of the specific threat. “Your response will be different depending on the scenario: Was one important person’s account compromised? Are your websites under attack? It’s important to understand the situation right away so you know what you need to do next.”
At Howard, Osaghae says, once team members realized what they were facing, they immediately kicked their plan into gear. “Our IRP dictated that our first step was to analyze and protect the organization by disconnecting all systems to stop the spread,” she says. From there, she notes, further analysis was done “to detect the timing, location and scope of the attack to ensure that the vulnerability was addressed.”
Communication and Recovery Are the Next Steps of Incident Response
Also critical in the early stages of any response is clear and concise communication, Clay says. Even as your threat detection system does its job and IT seeks to stem the breach, “you have to reach out to everyone who needs to know, from executive leadership to your cybersecurity insurance people.”
Many insurance providers have consultants they can send “who are highly skilled, and this is all they do — the kind of experts you want in your corner,” Clay says. That’s an especially important consideration for smaller institutions that may not have substantial IT resources.
Outreach and communication should be consistent and carefully worded so as not to cause confusion or unwanted distractions.