Reducing the potential for business disruption with clear incident response procedures

IT Security incidents are inevitable in a hyper-connected, technology-dependent world. The extent of their impact on business operations is less easy to foresee. Much depends on how staff respond.

GM&T, the trading entity of an energy multinational, runs a global, multi-site operation where undisrupted services are critical to its reputation. Technology is embedded in every aspect of its business: from critical trading platforms to customer engagement, operations management and internal business processes. For many aspects of the core business, real-time systems performance is essential.

Despite the nature of its business, GM&T lacked any plan for responding to an information security incident. Without this, there was a risk that incidents could be mishandled, disrupting business operations as well as causing reputational damage. This problem was compounded by GM&T’s large network of satellite offices where local IT expertise was limited.

7Safe developed the incident response plan against the ISO27035 standard, ensuring the plan reflected the GM&T’s structure and met the requirement for a simple and clear set of procedures. The plan sets out how GM&T can prepare for, detect, assess, manage and then learn from any information security incident.

We also crafted a set of guidelines to ensure that digital evidence from any incident is preserved in accordance with the requirements of the local law enforcement agency. The guidelines, developed by one of our specialist digital forensic investigators, are accompanied by a simple, one-page aide-memoire to provide each local office with a step-by-step method for preserving evidence.

Our work allowed GM&T to roll out a clear, business-orientated incident response process that decreases the potential for business disruption and assures the collection of forensic evidence. It has also helped raise the profile of the information security function within GM&T as one that is now taking control of the incidents the business will inevitably continue to experience.

If your business needs help to respond to, recover and investigate cyber incidents, talk to one of our CSIR experts today or learn more about our Cyber Security Incident Response service.