Always, Always, have a Plan

The Ponemon “2017 Cost of Data Breach Study” found Incident Response the #1 most important activity in reducing the cost of data breaches. Once an Incident of Compromise (IOC) has been detected, the clock is ticking. Every minute wasted due to poor planning, indecision or lack of expertise in forensic support increases the cost of the event.

Incident Response and Disaster Recovery plans are critical components of any compliant information security posture. Cyber Tygr is equipped and experienced in testing incident response plans of healthcare organizations of all sizes.

Factors Influencing the Cost of a Data Breach
Savings per Record

2018 Ponemon Report: Cost of a Data Breach

If your organization does not have a Disaster Recovery and Incident Response plan, Cyber Tygr can work with your team to compose plans that appropriately fit your organization’s operations and strategic goals. Topics include:

Planning & Program Development include:
  • Building the team
  • Policies and procedures development
  • Incident report development/review
  • Identify potential incidents and responses – malware cleansing, reimaging systems, Bitcoin accounts
  • Establish info sharing with the ecosystem

You Perform Like You Practice

Once your disaster recovery and incident response plan is created, Cyber Tygr sits down with your key stakeholders in tabletop exercises to test the plan using realistic simulations applicable to the business – this process is also known as ‘war-gaming’.

The war-gaming exercise begins by evaluating the various threat vectors most likely to attack an organization and the responses needed to ensure the disaster recovery and incident response plan is effective. Until they happen, disaster plans are largely theoretical … “what will happen if…?” It is important to pose regular, realistic scenarios to test your people, their processes, and ultimately to ensure the plans work.

War-gaming Exercise will include:
  • A verbal walkthrough of the adversarial scenarios, with your company defending and responding to threat vectors
  • Employees voicing their concerns around information security and incident response
  • The creation of more fluid business operations while maintaining a secure environment.

At the completion of the wargaming exercise your company will have a report that documents the company’s situational awareness and readiness to react to information security threats, as well as recommended measures to mitigate any identified vulnerabilities or areas of improvement. This document can be presented to any legal, regulatory or third-parties of which compliance with their policies is required.


Cyber Incident Reporting
If you are the victim of a serious cyber incident, HHS recommends the following steps:
• Please contact your FBI Field Office Cyber Task Force immediately to report a cyber incident and request assistance. These professionals work with state and local law enforcement to pursue cyber criminals globally and to assist victims of cyber-crime.
• Please report cyber incidents to the US-CERT and FBI's Internet Crime Complaint Center
• For further analysis and healthcare-specific indicator sharing, please contact HHS' Health Sector Cybersecurity Coordination Center (HC3)