5 Critical Pieces of a Good Cybersecurity Playbook

As a Managed Service Provider (MSP), security is who you are, not something you offer. With cyber attacks growing in frequency and sophistication, plus the influx of remote workers, and the risks these factors pose to both MSPs and your SMB customers, security can no longer be an optional service. In fact, over 50% of SMBs permanently close following a cyber attack. Take a security-first approach with all your customers using a cybersecurity playbook as your guide.

What is a Cybersecurity Playbook?

Basically, it’s a precise action plan for when there’s been a breach. A cybersecurity playbook answers the following questions to not only recover completely, but to prevent, and bring awareness to current risk factors.

  • What layers of security are keeping attackers out?
  • What threats are currently being exploited and what protections are in place to address them?
  • What is your intrusion detection mechanism? What are you tracking on your network?
  • What is the communication plan when an incident occurs? Who is the incident response leader?
  • What is your incident response plan? Including policies for reporting and tracking an incident.
  • How do you recover and what is the business continuity strategy?

Your cybersecurity playbook is an established rulebook of regimented and repeatable processes, defined steps, and up-to-date checklists that address the full gamut of an incident. From protection to recovery  and remediation, the cybersecurity playbook, along with regular practice drills, tabletop exercises, and updates, ensures preparedness when time is essential.

Incident Response vs. Cybersecurity Playbook

The biggest difference is incident response is not a security playbook. Incident response defines the process for identifying an issue, reporting on it, and communication. Your cybersecurity playbook is comprehensive across the organization and includes incident response, but goes above and beyond. It’s a complete manual and map for preventing, addressing, and recovering from incidents varying in criticality. Playbooks should be reviewed quarterly for new threats and to ensure it adequately addresses current business needs. Five critical pieces of a cybersecurity playbook include…

1. Protection

Cyber attacks are a business for bad actors, and the name of the game is ROI. Your goal as an MSP is to make your business, and your customers’ businesses, harder to attack than anyone else. If a bad actor can easily break through the protections in place, they will. However, a robust layered security strategy, complete with network, mobile, endpoint, and email security; security and identity management; compliance; data protection; and training and certification – requires a lot more time and effort to break through. So much time and effort that the investment necessary isn’t worth the hackers’ return.

2. Detection

Intrusion detection, dwell time, and scope of compromise make up your detection approach. These are the first factors to consider in a cybersecurity playbook because of their influence on your incident response plan.

  • Intrusion detection: Knowing when there’s been an attack or breach. How will you be notified?
  • Dwell time: Amount of time the bad actor has been on your network or systems. When did the breach occur vs. when you found out. It could be months!
  • Scope of compromise: Number of things touched, type of data affected, and data extracted. What did the bad actor do once they gained access?

3. Communication

During a crisis, streamlined communication and clear understanding of who is in charge of what, will help you recover quickly and smoothly. As part of your crisis communication team, appoint an incident response leader who acts as the point person for the rest of the team. Determine the appropriate people who will share details of the incident, as well as stakeholders who need to be notified. These roles could include C-suite executives, customers, vendors, government and regulatory agencies, lawyers, financial personnel, and public relations.

Of specific note are businesses operating under compliance standards and regulations. If you do not follow breach notification policies, defining when and how you report the incident, you could face fines and penalties.

4. Response

Incident response policies are to be followed no matter the size of the incident. What may be considered a regular, contained, or smaller breach – for example, clicking a phishing link in an email – still needs to follow the protocol of the playbook to improve cybersecurity and increase cyber resiliency. Your cybersecurity playbook should have criticality classifications and clear direction to help define the impact of a breach. Based on the significance of the incident, the incident response leader will choose the appropriate path or play from the playbook.

Avoid unreported incidents by including reporting policies in regular company-wide security training. Everyone in the organization should know not to attempt to solve a problem by themselves. Accidentally clicking a phishing link will happen, and human error is the number one cause of data loss, so normalize reporting over blaming. Failure to report a problem is the problem – not the breach itself.

5. Recovery

Business continuity must be pre-planned. Cover the basics of cyber defense regularly with employees and make sure cybersecurity training is interactive to increase retention. Practice your disaster recovery plan and conduct regular disaster recovery tests to gain comfort and assurance in the quality of your backups. Additionally, knowing how long recovery will take can put business leaders at ease if downtime is unavoidable. Of course, the reason for backup is to recover, so as part of your disaster recovery plan, you must have always-on, built-in backup.

Utilizing Your Playbook for Growth.

Creating a cybersecurity playbook for customers ensures fast recovery and increased security. Additionally, it can help extend your services as a vCIO (virtual chief information officer) and a trusted partner in the boardroom. Presenting a mandatory and comprehensive playbook to customers emphasizes your value, authority, and commitment to protecting businesses. Utilize best-in-class solutions and marketing resources from your providers to expand your business and grow profits.

The Axcient x360 Platform gives MSPs an all-in-one portal to meet the backup needs of customers and their cybersecurity playbooks. Contact Us, Schedule a Demo, or Start Your Free 14-Day Trial to see how MSPs are saving resources through standardization, operational maturity, and comprehensive solutions that Protect Everything.

About the Author:
Ben Nowacky // SVP of Product, Axcient

As Senior Vice President of Products for Axcient, Ben Nowacky leads the Engineering and Security teams to provide business continuity and cloud enablement services. He’s also a semi-amateur boxer and modern-day renaissance dog trainer. When he’s not banging the keyboard and helping MSPs, he loves long walks on the beach and romantic dinners with his wife.