While most large organisations have incident response plans in place, few have covered all aspects of incident response, or tested their plans thoroughly enough. And these gaps in planning tend to become apparent only in a crisis situation.
This is according to Yunus Scheepers, director of cyber security operations at BUI, who was speaking ahead of the ITWeb Security Summit 2025.
Scheepers says: “Having served in CIO roles and worked with numerous security customers, I've found that many senior IT security leaders think they're prepared for an incident, but they're actually not. And it's not because they haven’t taken the time to plan for these things; it's more a case of they don’t know what they don't know.”
One challenge, he says, is that organisations don’t operationalise and test their incident response plans. “So, there's a 40-page document that talks about everything that's needed, but it's never actually been communicated to the organisation. It's never been operationalised in terms of making sure that those people who are listed as the incident response team know that they are in that incident response document, and know what their responsibilities are. For example, there's a difference between internal communication and external communication planning. And if you're responsible for internal communication planning, you need to know who to communicate to and what to communicate.”
Testing is equally crucial, he notes. “When a critical incident happens, you don't really have time to think about what needs to be done. Incident response isn’t something you should practise until you get it right – you need to practise until you can't get it wrong. Because during a critical incident, when everybody's panicking, everything that you've learned goes out of your brain.
“Organisations need guidance from experts who have experience in this space, who spend their time understanding what's required in an incident response plan, and how to operationalise it,” he says.
BUI’s extensive security practice assists customers in developing incident response plans, disaster recovery plans, business continuity plans and backup plans, ensuring that the roles and responsibilities are defined and that the relevant people are assigned to those roles and responsibilities, he notes.
“We help companies make sure that there aren't any gaps. We walk them through security scenarios as part of a tabletop exercise and help them identify the critical assets within their organisation. We also help companies harden their environments, with services such as environment evaluation, vulnerability assessments, penetration testing, system hardening, digital forensics and a 24/7 Cyber Security Operations Centre,” Scheepers says.
BUI is a Diamond Sponsor of the ITWeb Security Summit 2025 in Cape Town and Platinum Sponsor of the ITWeb Security Summit 2025 in Johannesburg, where Scheepers will present a talk on incident response planning. BUI will also showcase its managed extended detection and response services and digital forensics capabilities, with demonstrations on how to recover e-mails from a ransomware attack, and how devices are hacked. BUI’s stand will feature giveaways and a robot dog.
The ITWeb Security Summit Cape Town will be staged at the Cape Town International Convention Centre on 27-28 May.
The ITWeb Security Summit Johannesburg will be held at the Sandton Convention Centre from 3-5 June.
For information and to register, visit the official event websites:
Cape Town: https://www.itweb.co.za/event/itweb-security-summit-cpt-2025/
Johannesburg: https://www.itweb.co.za/event/itweb-security-summit-2025/
Share