Cyber attacks are in the news every day. You can dedicate enormous amounts of time and energy to protecting your company, but intruders can find a way in regardless. New threats appear every day and an attack on your company is almost inevitable, with hackers seemingly exploiting different vulnerabilities every time. That’s the shocking and unfortunate reality of the situation.
The UK Government’s Cyber Security Breaches Survey found that only 30% of firms had cyber security policies, and only 10% had an incident management plan.
While you might not be able to avoid one, there’s still much you can do to prepare your organisation for this eventuality. A ready, informed and practised IT team that knows exactly what to do when the time comes will make all the difference in securing your company’s data. But how do you ensure you are well prepared for such an event?
We will go through some valuable steps to prepare your IT department for a cyber attack.
Practice Drills
We run practice drills for almost every type of emergency that might happen in the workplace. We undertake fire drills; some may undertake bomb or armed intruder drills. Practice cyber attack drills should be conducted, too.
Remember the adage, “Fail to prepare, prepare to fail.”
Conducting a cyber attack drill is the best way to prepare for one. You can purchase or download software that will simulate an attack that has breached your network, which allows your IT department to enact its procedure and turn the words into real action. It may appear overdramatic, but with the stakes higher than ever, it pays to prepare.
Preparation and practice will hone response times and disaster recovery skills and identify gaps in your current plan before the real thing, not during. Have you...?
- Identified key assets
- Produced a plan of action to limit damage
- Considered response strategies to different types of attack (DDoS; Ransomware; Malware; Phishing; Social engineering; Employee error)
- Defined and assigned responsibilities to the team
- Produced a post-attack recovery plan
- Considered your Public Relations strategy
This is also a good time for your IT department to understand their roles and to build experience and familiarity.
Further Practice
Most importantly, keep practising. Like any drill, testing different scenarios and repetition is the best way to gain experience. When a real attack happens, you save significant time with a focused and purposeful response, rather than spending it considering, discussing or testing different remediation strategies.
Remember, different types of attacks will require different responses. Keeping informed about the latest threats is an important strategy for anticipating the likely threats.
Response Budget
Make sure you have a pre-determined security incident response budget, which is only to be used in the event of a cyber attack. This budget will ensure you can swiftly and effectively respond, such as hiring external specialists or paying ransomware demands (if you choose). An allocated budget minimises procedural barriers and acts as a safety net even if not required.
Stay Informed
It pays to keep up to date with the latest cyber security threat intelligence and the new attacks that occur daily. Hackers’ cyber attack strategies constantly evolve. Understanding them and preparing a plan for use during an attack will ensure your responses are well primed and you are confident in the remediation actions.
Security Technologies
Ensure your security technologies are fully deployed and updated, and that fixes for known vulnerabilities, such as software security patches, are always up to date.
In the event of an attack, you should not need to be deploying or updating security technologies or patching software to close doors that were left wide open. It might seem obvious, but most threats originate from known security vulnerabilities, as we’ve seen with the WannaCry and Petya/NotPetya ransomware attacks.
Consider an Outsourced Team
While you may choose to keep your cyber team in-house, outsourced teams have better resources, fewer budget restraints and a wider breadth of experience. They also operate 24x7 to provide an end-to-end security monitoring service.
When it comes to a security breach, timing is everything if you are to fend off or neutralise an attack and prevent data loss quickly. An outsourced team will have much faster response times to security threats, operating 24x7, 365 days a year to respond to attacks and undertake any remediation actions. With that in mind, it is understandable why many organisations outsource their critical security monitoring, especially with the increased regulation through the introduction of GDPR.
How Prepared Is Your Organisation for a Cyber Attack?
If you surprised your IT team with a cyber attack drill tomorrow, would they be up to the task? If the answer is no, it may be time to consider outsourcing your security monitoring.