The 3 Keys to Modern Crisis Management and Incident Response

In today’s rapidly evolving cybersecurity landscape, organizations face unprecedented challenges in managing crises and responding to incidents. A recent CISO roundtable brought together industry experts to discuss the three keys to modern crisis management and incident response. Featuring leaders from the Fellsway Group and Ontinue, this roundtable discussion sheds light on critical practices and strategies to fortify business resilience.

Crisis management and incident response are foundational capabilities for organizations. As the panel of experts emphasizes, having a plan in place—before a crisis occurs—ensures that businesses can not only survive but thrive in the face of adversity.

For this blog post, we’ve synthesized the CISO panel into a Question and Answer format.

Why are crisis management and incident response so crucial?

John Mumford, Fellsway Group: These capabilities ensure businesses can survive and thrive under adversity. Cyber risk should be treated as a business-critical issue, requiring ongoing dialogues among executives and technical teams to maintain resilience.

How can leadership and clear responsibilities aid during a crisis?

Rob Bussey, Fellsway Group: Regular tabletop exercises and simulations help build muscle memory and ensure everyone knows their roles during a crisis.

Mumford: Clear roles are vital, ensuring that when a crisis occurs, executives and teams know their duties, such as engaging cyber insurance or handling communications with stakeholders. This collaboration extends beyond the security teams.

What role does continuous monitoring play in incident response?

Daniel Morris, Ontinue: Monitoring tools like MDR and XDR solutions reduce dwell time by providing real-time insights and improving visibility across environments. Making actionable data from these tools is crucial for effective response, as are proper configuration and regular audits.

How should incident response integrate with business resilience?

Morris: Continuous monitoring and proper tooling are essential for safe recovery. Organizations should practice with their tools to ensure they are ready for any incident

Mumford: Incident response should be coordinated with business continuity and disaster recovery plans. This includes having a hierarchy of decision-making to ensure proper recovery without recontamination.

Can crises turn into opportunities for organizations?

Bussey: One client realized the importance of business continuity and disaster recovery plans after their main system was down for two to three weeks. Crises often reveal gaps in strategies, prompting improvements in business continuity and disaster recovery plans and ultimately strengthening resilience.

Mumford: They can highlight valuable practices, like network segmentation, turning underestimated aspects into essential insights. During chaotic event, the CEO took it upon themselves to ensure documentation was being done, which turned into an opportunity to improve their processes.