
Effective Cyber Incident Response Begins Before an Attack

Any organization, regardless of industry or size, that handles or stores personal or sensitive information presents an opportunity for cyber threat actors to exploit. Accessing, exfiltrating, and ultimately leveraging this information – whether through sale or extortion – is the goal of many cyber actors. The hospitality industry is full of personal information, like email addresses and birthdates, as well as potentially more sensitive information, like payment card details, making it a lucrative target.

So, how do organizations stay ahead of threats and ensure that they are properly prepared to detect an incident?

Simply put, every organization should have an incident response plan (IRP) that is tailored to the specific risks they face, and it should be routinely tested and altered to keep pace with evolving threats. The first time an IRP is put into use should not be during an actual cyber attack.

Before building an IRP, organizations should establish and train a dedicated incident response team and ensure that the tools and resources needed for an effective response are available. This can be determined through a cyber risk assessment that identifies critical assets, threats, and vulnerabilities facing the organization.

From there, employees across the entire organization and from all departments should know their exact roles and responsibilities in advance. This creates a unified and efficient decision-making process throughout the incident response lifecycle, which is crucial in addressing the elements often associated with a cyber attack or breach: containing the incident, preserving evidence, following regulatory requirements, disclosing information to key stakeholders, eradicating the threat, and beginning remediation efforts.

This process should be assessed, practiced, and enhanced through regular cyber incident response exercises, which help evaluate incident response efforts and provide organizations with insight into their strengths and weaknesses. As a result, the lessons learned can help improve the effectiveness of an IRP, and the takeaways can create stronger readiness to detect and respond to an attack.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. 

FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.

The PCPD noted that the personal data of over 290,000 Hong Kong customers might have been affected. Having considered the nature of the incident and the significant number of data subjects involved, the PCPD has commenced a compliance check into the incident.

