Cyber attacks are in the news every day. You can dedicate enormous amounts of time and energy towards protecting your company, for intruders to find a way in regardless. New threats appear every day and an attack on your company is almost inevitable, with hackers seemingly exploiting different vulnerabilities every time. That’s the shocking and unfortunate reality of the situation.
The UK Government's cyber security breaches survey found that only 30% of firms had cyber security policies in place - and that only 10% had an incident management plan.
While you might not be able to avoid one, there’s still much you can do to prepare your organisation for this eventuality. Having a ready, informed and practiced IT team, who know exactly what to do when the time comes, will make all the difference to securing your company’s data. But how do you make sure you are well prepared for such an event?
We’re going to go through some valuable steps on how to prepare your IT department for a cyber attack. These tips will include:
- Practice drills
- Further practice
- Dedicate an incident response budget
- Stay informed
- Security technologies
- Consider an outsourced team
We practice almost every different type of attack that might happen in the workplace. We undertake fire drills, some may undertake bomb drills or armed intruder drills. Practice cyber attack drills should be undertaken, too.
Remember the adage, "Fail to prepare, prepare to fail"
Conducting a cyber attack drill is the best way to be prepared for a cyber attack. You can purchase or download software that will simulate an attack that has breached your network, which allows your IT department to enact their procedure and turn the words into real action. It may appear over-dramatic, but with the stakes higher than ever, it pays to prepare.
Preparation and practice will hone response times, disaster recovery skills and will identify any gaps in your current plan - before the real thing, not during. Have you...?
- Identified key assets
- Produced a plan of action to limit damage
- Considered response strategies to different types of attack
(DDoS; Ransomware; Malware; Phishing; Social engineering; Employee error)
- Defined and assigned responsibilities to the team
- Produce a post-attack recovery plan
- Considered your Public Relations strategy
This is also a good time for your IT department to get a very real sense of how your policy works, as well as practicing their individual roles to build experience and familiarity.
Most importantly, keep practising. Like any drill, testing out different scenarios and repetition is the best way to gain experience. When a real attack happens, you save significant time with a focused and purposeful response - avoiding having to consider, discuss or test different remediation strategies.
Remember, different types of attack will require a different response. Keeping informed about the latest threats is a important strategy to anticipate the likely threat you will face.
Make sure you have a pre-determined security incident response budget, which is only to be used in the event of a cyber attack. This budget will ensure you are able to swiftly and effectively respond, such as hiring in external specialists, or paying ransomware demands (if you choose). Having an allocated budget minimises procedural barriers and acts as a safety net. Even if it is not required.
It pays to keep up to date with news of the latest cyber security threat intelligence, as well as the new attacks that have occurred each day. Hackers' cyber attack strategies constantly evolve. Understanding and preparing strategies in the event of an attack will ensure your responses are well primed - and you are confident in the remediation actions taken.
Ensure your security technologies are fully deployed, up to date and 'known vulnerabilities' - such as software security patches - are always up to date.
In the event of an attack, you do not need to be deploying or updating security technologies, patching software - closing wide open doors. It might seem obvious, but the majority of threats originate from known security vulnerabilities, as we've seen with the WannaCry and Petya/NotPetya ransomware attacks.
While you may choose to keep your cyber security team in-house, outsourced teams have better resources, few budget restraints and a wider breadth of experience - as well as operating 24/7 to provide an end-to-end security monitoring service.
When it comes to a security breach, timing is everything to quickly fend off and neutralise an attack - and prevent data loss. An outsourced team will have a much faster response times to security threats, operating 24/7, 365 days a year to respond to attacks and undertake any remediation actions. With that in mind, it is understandable why many organisations choose to outsource their critical security monitoring - especially with the increased regulation through the introduction of GDPR.
- SOC team roles and responsibilities in a security operations centre
- INFOGRAPHIC: The 8 most common types of cyber attack
- How often should you audit your cuber security and who should do it?
- Cyber essentials plus: a step by step guide to implementation
How prepared is your organisation for a Cyber Attack?
If you surprised your IT team with a cyber attack drill tomorrow, would they be up to the task? If the answer is no, then it may be time to consider outsourcing your security monitoring.