Cancel OK

A good incident response to a cyber attack can make or break your company

A few weeks ago, I joined the Produce Marketing Association for a virtual town hall that discussed cybersecurity and the fresh produce industry.

While we were able to talk a lot about what organizations can do to protect themselves today, there’s more we can do to prepare as an industry.

I’ve often said that it’s not a matter of IF your organization will experience an incident, but when, and preparedness is crucial to ensuring that your company can recover fully.

The first step is preparing your company with incident response (IR) and business continuity planning.

With the exception of critical infrastructure where uptime is essential, many organizations may not need to operate at the speed that fresh produce companies do in their 24/7/365 operation.

The “perishable reality” of fresh produce amplifies the need to be up and always running. Plus, the speed and complexity that ag-focused businesses operate in makes IR more challenging.

Incident Response Planning 101
In short, IR planning is a playbook for how your organization will respond to a disaster.

IR planning can take a lot of different paths but typically encompasses the following components to help guide the organization through response protocols:

IT response.
With help from external IT consulting firms or experts, this part is straightforward and based on the worst possible scenario approach. Typically, this encompasses a “IT does X, Y, and Z to return to normal or get criminals out of the system.”

This involves planning for the worst possible situation, such as a cryptolocking event, that covers every contingency. From that point, if a smaller incident occurs, you can compartmentalize what needs to be done based on a larger, more extensive plan.

Communication (both internal and external).
When an incident occurs, clear internal and external communication is a critical part of IR. You must be able to communicate effectively to your employees about the next steps and how this will affect their day-to-day roles.

You will also need to communicate to executives and in many cases, a board of directors, as well as the media. Putting together a crisis response team should include communications professionals.

Business continuity.
An IR plan must have a business continuity plan in place alongside it. This dictates how your organization will operate while systems are down.

It answers the questions, “If I don’t have my ERP system, how am I going to produce?,” “Do I ship what I normally ship?,” “Do I slow down, communicate with the customer?,” “How do I print labels or conduct inventory?”

Its focus is the continuity of the business despite the loss of access to critical components related to the supply chain.

While IR is more of an IT-focused activity to help get systems back online and vulnerabilities addressed, there must be buy-in from the entire C-suite on how incidents are reported and communicated.

Modern Agriculture + IR Planning
Many fresh produce companies may approach IR planning by thinking they can go back to the way they did business before technology streamlined operations and became an integral part of the supply chain. But that’s not the reality we live in today.

The world surrounding agriculture has changed. Quality assurance (QA) and the speed of processing is different, demand is greater, and it’s not just salad being loaded onto a truck anymore. Companies today significantly rely on IT systems and solutions.

Successful IR planning takes the realization of the importance of IT from an organization’s leadership, which is a significant step toward realizing operational maturity.

IT must be involved in this process because they must look at the systems in use, understand how they work and what they do, and evaluate them to develop a plan to respond to an incident.

A few weeks ago, I joined the Produce Marketing Association for a virtual town hall that discussed cybersecurity and the fresh produce industry.

While we were able to talk a lot about what organizations can do to protect themselves today, there’s more we can do to prepare as an industry.

I’ve often said that it’s not a matter of IF your organization will experience an incident, but when, and preparedness is crucial to ensuring that your company can recover fully.

The first step is preparing your company with incident response (IR) and business continuity planning.

With the exception of critical infrastructure where uptime is essential, many organizations may not need to operate at the speed that fresh produce companies do in their 24/7/365 operation.

The “perishable reality” of fresh produce amplifies the need to be up and always running. Plus, the speed and complexity that ag-focused businesses operate in makes IR more challenging.

Incident Response Planning 101
In short, IR planning is a playbook for how your organization will respond to a disaster.

IR planning can take a lot of different paths but typically encompasses the following components to help guide the organization through response protocols:

IT response.
With help from external IT consulting firms or experts, this part is straightforward and based on the worst possible scenario approach. Typically, this encompasses a “IT does X, Y, and Z to return to normal or get criminals out of the system.”

This involves planning for the worst possible situation, such as a cryptolocking event, that covers every contingency. From that point, if a smaller incident occurs, you can compartmentalize what needs to be done based on a larger, more extensive plan.

Communication (both internal and external).
When an incident occurs, clear internal and external communication is a critical part of IR. You must be able to communicate effectively to your employees about the next steps and how this will affect their day-to-day roles.

You will also need to communicate to executives and in many cases, a board of directors, as well as the media. Putting together a crisis response team should include communications professionals.

Business continuity.
An IR plan must have a business continuity plan in place alongside it. This dictates how your organization will operate while systems are down.

It answers the questions, “If I don’t have my ERP system, how am I going to produce?,” “Do I ship what I normally ship?,” “Do I slow down, communicate with the customer?,” “How do I print labels or conduct inventory?”

Its focus is the continuity of the business despite the loss of access to critical components related to the supply chain.

While IR is more of an IT-focused activity to help get systems back online and vulnerabilities addressed, there must be buy-in from the entire C-suite on how incidents are reported and communicated.

Modern Agriculture + IR Planning
Many fresh produce companies may approach IR planning by thinking they can go back to the way they did business before technology streamlined operations and became an integral part of the supply chain. But that’s not the reality we live in today.

The world surrounding agriculture has changed. Quality assurance (QA) and the speed of processing is different, demand is greater, and it’s not just salad being loaded onto a truck anymore. Companies today significantly rely on IT systems and solutions.

Successful IR planning takes the realization of the importance of IT from an organization’s leadership, which is a significant step toward realizing operational maturity.

IT must be involved in this process because they must look at the systems in use, understand how they work and what they do, and evaluate them to develop a plan to respond to an incident.

Greg Gatzke is the President of ZAG Technical Services, an award-winning IT consulting firm and managed services provider based in San Jose and Salinas, CA, and Boise, ID.