How to prepare your IT Department for a Cyber Attack

November 29, 2017

Cyber attacks are in the news every day. You can dedicate enormous amounts of time and energy towards protecting your company, only for intruders to find a way in regardless. New threats appear every day and an attack on your company is almost inevitable, with hackers seemingly exploiting different vulnerabilities every time. That’s the shocking and unfortunate reality of the situation.

The UK Government’s cyber security breaches survey found that only 30% of firms had cyber security policies in place – and that only 10% had an incident management plan.

While you might not be able to avoid one, there’s still much you can do to prepare your organisation for this eventuality. Having a ready, informed and practised IT team, who know exactly what to do when the time comes, will make all the difference to securing your company’s data. But how do you make sure you are well prepared for such an event?

We’re going to go through some valuable steps on how to prepare your IT department for a cyber attack. These tips will include:

Practice drills

We practise for almost every different type of attack that might happen in the workplace. We undertake fire drills; some may undertake bomb drills or armed intruder drills. Practice cyber attack drills should be undertaken, too.

Remember the adage, “Fail to prepare, prepare to fail.”

Conducting a cyber attack drill is the best way to be prepared for a cyber attack. You can purchase or download software that will simulate an attack that has breached your network, which allows your IT department to enact their procedure and turn the words into real action. It may appear over-dramatic, but with the stakes higher than ever, it pays to prepare.

Preparation and practice will hone response times and disaster recovery skills, and will identify any gaps in your current plan – before the real thing, not during. Have you…?

  • Identified key assets
  • Produced a plan of action to limit damage
  • Considered response strategies to different types of attack
    (DDoS; Ransomware; Malware; Phishing; Social engineering; Employee error)
  • Defined and assigned responsibilities to the team
  • Produced a post-attack recovery plan
  • Considered your Public Relations strategy

This is also a good time for your IT department to get a very real sense of how your policy works, as well as to practise their individual roles to build experience and familiarity.

Further practice

Most importantly, keep practising. As with any drill, testing out different scenarios and repeating them is the best way to gain experience. When a real attack happens, you save significant time with a focused and purposeful response – avoiding having to consider, discuss or test different remediation strategies.

Remember, different types of attack will require a different response. Keeping informed about the latest threats is an important strategy for anticipating the likely threat you will face.

Dedicate an incident response budget

Make sure you have a pre-determined security incident response budget, which is only to be used in the event of a cyber attack. This budget will ensure you are able to respond swiftly and effectively, for example by hiring in external specialists or paying ransomware demands (if you choose). Having an allocated budget minimises procedural barriers and acts as a safety net, even if it is not required.

Stay informed

It pays to keep up to date with news of the latest cyber security threat intelligence, as well as the new attacks that have occurred each day. Hackers’ cyber attack strategies constantly evolve. Understanding and preparing strategies in the event of an attack will ensure your responses are well primed – and you are confident in the remediation actions taken.

Security technologies

Ensure your security technologies are fully deployed and up to date, and that fixes for ‘known vulnerabilities’ – such as software security patches – are always up to date.

In the event of an attack, you do not want to be deploying or updating security technologies or patching software – closing wide open doors. It might seem obvious, but the majority of threats originate from known security vulnerabilities, as we’ve seen with the WannaCry and Petya/NotPetya ransomware attacks.

Consider an outsourced team

While you may choose to keep your cyber security team in-house, outsourced teams have better resources, fewer budget constraints and a wider breadth of experience – as well as operating 24/7 to provide an end-to-end security monitoring service.

When it comes to a security breach, timing is everything to quickly fend off and neutralise an attack – and prevent data loss. An outsourced team will have much faster response times to security threats, operating 24/7, 365 days a year to respond to attacks and undertake any remediation actions. With that in mind, it is understandable why many organisations choose to outsource their critical security monitoring – especially with the increased regulation through the introduction of GDPR.

Further reading

How prepared is your organisation for a Cyber Attack?

If you surprised your IT team with a cyber attack drill tomorrow, would they be up to the task? If the answer is no, then it may be time to consider outsourcing your security monitoring.