5 common mistakes when responding to a cyber-attack

TORONTO—Incident response teams are on the front lines in the cyber world, assessing security systems and responding to security threats, as well as resolving issues and controlling damage of system breaches, malware exposure, and other security events.

But not all response programs are equal. Inexperience can lead to actions that hinder efforts rather than resolve security threats.

KPMG’s Forensic team has identified some major mistakes that can cripple an organization’s response effort to data breaches, cyber-attacks and other security events. Here are the top five:

1. Plans are not tailored to your organization—Companies should establish policies, processes and procedures that fit the culture, response personnel and business objectives.
2. Plans are only used in real-world incidents—Companies need to regularly test plans before the real event happens.
3. Teams are unable to communicate with the right people in the right way—A centralized communication dashboard, where the incident response team can post details about the current investigation and pull the information as-needed, can limit inefficient E-mail messaging, which can overwhelm inboxes.
4. Teams lack skills, are wrong-sized, or mismanaged—Organizations should closely evaluate the need for additional training or recruiting to ensure the proper level of experience on the team.
5. Help desk activities can destroy critical evidence—Help desk staff should be trained to document their activities in case their actions become part of an investigation.

Link to KPMG’s Forensic Focus report to learn about other mistakes or for insight on how to manage a cyber-security response.