As data breaches continue to impact organizations at an ever-increasing rate, the importance of effective cyber incident response is more important than ever. WaterISAC is sharing resources and tools to help utilities prepare for and implement this crucial aspect of organizational security.

Incident response involves having structured processes in place which are designed to identify and manage cybersecurity incidents. The SentinelOne Vigilance Respond team shares eight steps for effective incident response providing key recommendations and best practices to ensure organizations are well-prepared before such an incident occurs. Consider reviewing these eight steps and the guidance included for each to determine where your utility may need to bolster its incident response.

1. Engage Legal Counsel & Incident Response
2. Keep Affected Endpoints Online
3. Disconnect from the Network
4. Identify & Preserve Evidence
5. Collect IOCs & Samples
6. Prepare for Restoration
7. Develop a Timeline
8. Identify Endpoints

In addition to the resources shared above, WaterISAC reminds members of the recent federal resources, including Incident Response Guide for the water and wastewater sector and Top Cyber Actions for Securing Water Systems. The latter includes Develop and Exercise Cybersecurity Incident Response and Recovery Plans as the fifth top action and highlights resources for first developing an effective incident response plan, and then exercising it. No matter where your utility sits with its incident response procedures, be sure to examine these resources and implement them as is best for your utility. For more on incident response best practices and to review the eight steps above, visit SentinelOne.