However, according to research by Experian, 19% of the respondents confirmed they had never developed a breach response plan, and of the 81% stating that they had a baseline plan established, only 34% felt that their plan was effective.

What's worse, of the 81% with a baseline plan, approximately 37% of those reported they had never updated or reviewed their plan since it was created. And only 3% reported they review their plan quarterly, while 14% reviewed it annually.

The "set it and forget it" method may be great for some investors' IRAs, but financial firms' breach response plans should never be left alone. Today's attackers are often highly educated cybercriminals with extensive experience and practiced skills. They have become increasingly adept at finding vulnerabilities to exploit. Given that payouts from successful attacks in financial services are huge, attackers are extremely persistent at finding a path into secure financial networks. With the growing threat level in this industry, increasing regulations, evolving technologies and heightened motivation, it is increasingly important to update breach response plans frequently. Otherwise, the plan could fail just when it is needed most.

If you are in charge of security, you are likely responsible for implementing, testing and reviewing your financial institution's breach response plan. The following recommendations can help ensure the important steps are followed to keep plan activities and responsibilities updated.

1. Conduct fire drills with mock attacks at least once per month to give employees the chance to practice responding to a breach attempt.

2. Keep track of system activity on a daily basis to monitor security alerts. Evaluate how team members would have responded to the breach if it had been successful.

3. Compile historical data on successful attacks, including how the vulnerability was exploited, and the response team's performance.

4. Host a breach response team meeting at least once a month in order to:

   • Discuss holes in the plan that team members have identified through their drills;

   • Review the response checklist for missing or unneeded steps;

   • Ensure that your breach notification plan is current;

   • Discuss budget needs; and

   • Review new threats that have been identified globally.

5. Help employees who require additional training, especially member service representatives and receptionists tasked with responding to external inquiries.

6. Since it's a regulated industry, monitor changes in regulations or ask compliance officers to keep you advised of any changes.

7. If you have data or applications in the cloud, discuss your cloud vendor's method for responding to data breaches. Ask your vendor for a copy of their response checklist, including contact information for at least two of their employees responsible for responding to breaches, and gather any other information that might be useful.

In today's world, every financial services organization must recognize the likelihood of a cyberattack. It is inevitable that a hacker will try to access your system for financial gain eventually. By having an effective plan and remaining vigilant, you will have a better chance of stopping the hacker's efforts. However, it is critical to also plan how to respond should the attack be successful if you want to minimize the damage to your organization's finances and reputation.

Planning for a breach and putting a response plan together may feel overwhelming. But there are tools and technology that can help. For example, a security operations platform that combines intelligent automation and collaboration into a ChatOps interface can facilitate scaling of incident response processes and improving security operations for benefits well beyond an attack instance.

Rishi Bhargava is Vice President of Demisto. He can be reached at 408-905-8344 or [email protected].