You Are Not London Drugs
With London Drugs’ troubles all over the news, it reminds us all that it’s not ‘if’ but ‘when’. Every time you come across the London Drugs name, do you flinch and think that your organization might be next? Is your IT department well prepared? Are employees cyber aware? Do you have an updated and vetted cybersecurity incident response plan? Here’s a checklist.
First The Good News

In Splunk’s 2024 Survey State of Security Report, they summarize: the state of security in 2024 is a bit of a contradiction. Despite the obstacles in security professionals’ paths — stringent compliance requirements, escalating geopolitical tensions, and a more sophisticated threat landscape — the industry is making progress. Many organizations report that cybersecurity is becoming easier to manage compared to previous years. Organizations collaborate more and detect threats faster, and most have the authority and resources to solve the issues they face. 41% of respondents said that year over year, keeping up with cybersecurity has become easier, compared to only 17% in 2022.
Response Plan Checklist
What should be included in your incident response plan?
- Education – What is your cybersecurity awareness and action plan for employees, senior management and IT staff?
- Detection – How will you detect a potential breach?
- Reporting – How can an employee report something suspicious? How is it escalated to your security team? How do members of your IT department and your security team recognize and escalate a potential problem?
- Declaration – What are your incident declaration procedures?
- What is the immediate response by the security team? It should include a decision tree to shut down everything or take one of a set of predefined lesser actions.
- What is your communication plan to senior management, your insurer, employees, customers and the public?
- How will your IT department and security team work with cyber insurance-provided specialists? Who will be in charge? How will decisions be made?
- What is your resolution plan to activate partial service if required? This might include relocating staff to an offsite disaster recovery site.
- What are the actions that will end the incident response and return to normal operations?
- What will be in the incident report?
Everyone Plays a Part
IT, of course, plays the biggest part in keeping the organization safe.
Senior Management understands cybersecurity at a high level. IT has explained what needs to be done to mitigate risks including cybersecurity insurance.
Non-IT employees have been well trained on cybersecurity awareness. They avoid most traps, and even more important, they report a potential problem even when they’re not sure.
The more you educate your employees on security awareness, the stronger you build your first line of defence. Use this story as a case study to prove to your executives that security training should be a priority and deserves more resources and budget. Then, implement engaging interactive training on topics that are relevant to your business like social engineering, passwords, and phishing.
Because of one attack, London Drugs was out of business for over a week and still isn’t working at full capacity. Don’t let this happen to your business. Stay safe by planning ahead, using proper data storage techniques, and educating your employees. Have procedures in place to smoothly work your way through any level of incident.
If you’d like to leverage our expertise, whether you’re an existing client or not, or if you’d like to comment on this article, please email me at ellen.
This article was published in the
May 2024
edition of The TMC Advisor
- ISSN 2369-663X Volume:11 Issue:4
©2024 TMC Consulting