Cybersecurity Incident Response Plan – Prepare for security breaches

This article is the final in a four-part series on cybersecurity and how the building materials industry can prevent, protect and prepare for threats and attacks on computer systems and digital assets. Part 1: Cybersecurity should be at the top of your list. Part 2: Prevention: Your First Cybersecurity Tool. Part 3: Protection: The second layer of your cybersecurity plan.

CalPortland CIO Luis Angulo and Ozinga CIO Keith Onchuck will present NRMCAs ConcreteWorks on October 12th at 3:30 pm in Aurora, Colorado. Your session, “Protecting the Digital Realm: Addressing Cyber ​​Threats in the Concrete Industry,” provides practical strategies and best practices to protect your business from cyberattacks and ensure the security of your digital infrastructure. ConcreteWorks is scheduled for October 10-14.

Cybersecurity starts with prevention, which leads to protection and finally ends with preparation. If you've reached the preparation stage, it usually means there's a data breach.

“Unfortunately, this is becoming more and more common in the digital world we live in,” says Keith Onchuck, CIO of Ozinga. “We all 'want' everything digital, but are we prepared if our digital information is unavailable for some reason? Preparation is key.”

From a technology perspective, the preparation phase is typically considered the most boring phase because you have to look outside the IT department. They must work with other departments across the company and create a set of policies and procedures.

“As IT leaders, it is our responsibility to prevent, protect and prepare our organizations for all threats in our digital world,” says Onchuck. “We must have a policy that outlines the procedures we must take if we become victims of cybercrime.”

For example, a company can prepare with a detailed incident response plan that documents required procedures in the event of a security breach.

In all phases of cybersecurity, a company must invest for the long term and be prepared to adapt over time. Prevention includes ongoing training for employees and system users. The tools used during the protection phase must be constantly evaluated to protect against the ever-evolving cybersecurity landscape. The same applies to the preparation phase. Procedures that companies have put in place during the preparation phase should never become outdated. They need to be updated as technology is constantly changing and evolving.

“While we always hope for the best and hope we never have to reach this stage, you need to plan for the worst and continually update those plans,” says Luis Angulo, CIO of CalPortland.

An incident response plan typically includes three components: internal procedures, external procedures and insurance.

Internal and external procedures

“While preparation does not guarantee that you will not be impaired, it does give you a greater chance of survival and recovery.”
—Ozinga CIO Keith Onchuck>

An important aspect of the preparation phase is to rely on external expertise and internal expertise outside of the IT department. Internal and external procedures must be established to ensure business continuity. Without this level of coordination, a single incident can cripple the business.

“The key is to be prepared to handle an event if it ever reaches this critical stage,” Onchuck says.

In the event of a security breach, companies must contact all internal departments, including human resources, payroll, marketing, sales, legal, etc.

Companies should also prepare external procedures for tasks that go beyond the scope of the IT department. For example, a plan should be created with your marketing and communications department that details how the company will respond to a security breach. This could include making a public statement and communicating with employees, customers, suppliers, etc.

A communication plan is necessary so that employees are clear about what they can and cannot say in the event of a violation. The plan must be passed through the marketing and communications team.

“While preparation doesn’t guarantee you won’t be affected, it does increase your chances of survival and recovery,” Onchuck says.

Another tool in your arsenal should be a secure backup of your data. “When cybercriminals break into your network, they try to find your backups and hold them hostage as well,” says Onchuck. “If you use immutable backups [copies of databases that cannot be altered]This makes it much harder for malicious actors to corrupt or encrypt them.”

Technical experts also recommend hiring a cybersecurity company in the event of a breach. Make sure all agreements are already signed and fulfilled. This reduces the time it takes to onboard them into the organization and help detect, remediate and recover from a cyberattack.

Insurance

“Cybersecurity insurance isn’t a nice-to-have, it’s a must,” says Angulo. “That is no longer an option.”
—Luis Angulo, CalPortland CIO

Think of your company’s cybersecurity as a home security system. We prevent access to our home by using locks, we protect the home with an alarm system or a guard dog, and we prepare for a break-in or other catastrophic event with an insurance policy. The same applies to the protection of our company data.

“Cybersecurity insurance is not a nice-to-have, but a must,” says Angulo. “That is no longer an option.”

Even if cyber insurance doesn't prevent an incident, it will help you manage the impact of an incident. You also need to know how and when to claim this cyber insurance if someone breaks into your system.

“Time will be of the essence,” Angulo says. “You don’t want to be trying to figure out how to deal with insurance after a breach has occurred.”

The frame

Each company must develop its own plan that includes the three Ps we discussed: prevention, protection and preparation. The framework can be simple and continually grow to meet the needs of the business. This may be different for each manufacturer, but the basic approach still applies.

“When tools are used correctly, they represent a significant advancement in our ability to do business,” says Angulo. “But these tools can also be a liability if you don’t do your due diligence.”

As more companies adopt more advanced technologies such as artificial intelligence, the stakes increase.

The goal of the National Ready Mixed Concrete Association IT Task Force, co-chaired by Angulo and Onchuck, is to create a cybersecurity framework that all companies in our industry can follow. “We realized that we are an ecosystem,” says Angulo. “We all do business together and in this moment we are connected.”

“The more we as an industry can share best practices about how we approach cybersecurity, and the more our vendor partners like BCMI, Command and Sysdyne can share what they are doing from a security perspective, the better off we will all be,” says Onchuck. “Together we are stronger.”