● Cyberbreaches continue to increase in sophistication and scale.
● A well-rounded incident response team is necessary to address breaches.
● Singtel provides solutions that support IR teams in preventing and eradicating threats.
With criminals devising more sophisticated methods of breaching company networks, a cybersecurity playbook has become an essential tool in ensuring that every person in your organisation—from interns to top officers—understands what to do in the event of a breach. A good playbook should outline the steps a team must take before, during, and after a cyberbreach to protect company assets. Think of it as a standardised checklist that team members are to follow depending on the kind of incident that occurs.
Building cyber-defences like a playbook is critical because cyberattacks are now so frequent that a breach is a question of “when” and not “if”, and the consequences are hefty.
IBM reports that in 2023, the average financial cost of a data breach is USD 4.45 million—15% more than what it cost the previous three years [1]. Despite their drastic effects, however, 40% of chief security officers believe their organisations are ill-equipped for rapidly evolving cybersecurity risks [2].
A strong cybersecurity response begins with understanding the threats your business faces. A cybersecurity playbook should detail those your organisation will most likely face. Here are a few common security breaches encountered by enterprises:
1. Phishing
Technology has provided hackers with better tools to develop attacks against organisations, but the leading cause of cybersecurity issues remains surprisingly simple: employee mistakes. Human error accounts for 88% of cyber breaches today [3].
Phishing takes advantage of this reality with emails, chats, and websites that seem legitimate at a glance, but serve to swipe private information from victims. Enterprises must also be watchful of a targeted form of phishing called spear phishing, which focuses on stealing information from specific individuals through concentrated efforts.
2. Malware
Malware is malicious code or a program that attacks or damages data, networks, and devices.
Ransomware in particular is a growing concern: despite expectations that such crimes would dwindle, big game hunters have already earned USD 449.1 million through June of this year [4]. Singapore is similarly facing an alarming increase in ransomware crimes, causing the government to deploy an inter-agency task force to curb its steep rise [5].
3. Distributed denial of service (DDoS)
A DDoS attack disrupts a system by bombarding an IP address with requests until a server crashes. Hackers accomplish this using botnets, which are networks of devices controlled via malware.
Despite the myriad threats facing enterprises today, research shows that 77% of organisations have no formal incident response (IR) plan [6]. A robust cybersecurity IR plan that addresses short- and long-term goals is crucial to any organisation that seeks to minimise the consequences of data breaches.
The following steps outline the contents that should make up your cybersecurity playbook. These include a strong team, protection measures, communication guidelines, and a business continuity plan.
1. Select trusted experts for your IR team.
2. Detect, analyse, and eradicate the threat.
3. Inform all affected parties.
4. Review actions taken and improve.
A cyber breach affects more than just your network, so you need a well-rounded team to swiftly respond when an incident occurs.
There are four key parts to a good IR team: a team leader to coordinate tasks and report to executives, a technical expert or experts with a deep understanding of your systems, a communications manager to develop internal and external statements, and legal counsel to guide you through compliance with law enforcement [7].
These professionals will actively develop your IR plan before a crisis occurs. Pre-incident, their responsibilities include running tests to address vulnerabilities and ensuring that company-wide cybersecurity measures are up to date.
Prepare different workflows for different incident alert levels. Then review these plans every three months to ensure their continued relevance to the ever-evolving digital landscape. Trustwave’s elite SpiderLabs team is a great partner for this practice, with their expertise in running automated security tests that examine and identify security gaps in your environment.
Your IR team is the first to be alerted and mobilised when a breach is detected. Should a breach affect access to default communication channels such as your email [8], have alternative streams of communication ready to enable quick correspondence. Once alerted, technical experts examine breach details and damage severity to determine which workflow to execute.
Time is of the essence during an incident. Singtel bolsters your team’s defences with decisive and effective threat detection and response services to avoid further data compromise and eradicate the threat at hand.
Cyberbreaches can drastically tarnish an enterprise’s reputation with current customers and the general public. Customers may lose trust in your company when they believe their personal information has been mishandled, and the perceived riskiness may make others deem it unsafe to give numbers and home addresses to you.
Mitigate such adverse effects with a clear, concise communication strategy: first alert employees, then inform customers and stakeholders. Also prepare a statement for responding to media inquiries. Detail information taken, if any, and steps taken to contain threats. Your communications manager and legal counsel work together at this point to ensure statements fall within legal policies on cyberattacks and do not disrupt investigations.
A business continuity plan is part of your cybersecurity playbook that enables your organisation to keep running after a data breach. Hold a post-mortem meeting to identify the breach impact, what weaknesses it has revealed, and action points for recovery.
Since human error still accounts for an overwhelming majority of breaches, enterprises must not overlook the value of cybersecurity education. Singtel helps enterprises address this need with an extensive cybersecurity training program that hones employees’ cyber skills.
A strong cybersecurity playbook involves both experts and regular employees working together to form a solid defence system that evolves with you and stays on par with advancing technology.
Contact us to learn more about Singtel’s cybersecurity services.
References:
1. IBM, Cost of a Data Breach Report 2023, 2023
2. ThoughtLab, Cybersecurity Solutions for a Riskier World, 2022
3. Harvard Business Review, Human Error Drives Most Cyber Incidents. Could AI Help?, 2023
4. Tech Radar, Ransomware payments set to hit a new high in 2023 - here's how to stay safe, 2023
5. Channel News Asia, Singapore sets up ransomware task force to tackle rising threat on businesses, 2022
6. Dark Reading, 77% of Businesses Lack Proper Incident Response Plans, 2018
7. Cynet, Incident Response Team: A Blueprint for Success, 2022
8. Forbes, What To Do If Your Email Is In A Data Breach, 2022