How to Deal with Cyber Attacks

Introduction

 

You’ll almost certainly have heard of organisations similar to yours who have suffered cyber attacks of some description. The drastic increase in such incidents in recent times will likely give you the looming fear of “what if we suffer a cyber attack?”. And we can’t blame you for having those concerns. Your organisation could have all appropriate measures in place to prevent a digital disaster, but protection can never be 100% guaranteed to stop it.

 

This is why it’s important for your organisation to understand what to do in case of an attack. You must learn how to deal with them, even if you’re confident that you’ve implemented all conceivable preventative precautions. It’s better to be prepared for the unthinkable than to cross your fingers and hope it never happens.

 

Luckily, by reading this article, you’ll have better knowledge of the best action to take if you ever experience a cyber attack.

What are cyber attacks?

Annoyingly, there’s no one answer to this question, as cyber attacks can come in a variety of forms. Hackers can and will target anything from computer information systems, computer networks and infrastructure to personal devices, including smartphones.

There’s one thing that should always be at the forefront of your mind when handling a cyber attack. No matter the form it takes, it could not only affect your organisation’s ability to continue functioning normally, but also compromise the personal data it holds. This can therefore put people – your customers and your staff – at risk.

How do you deal with cyber attacks?

The all-important question!

Remember, each cyber attack will be different. Your reaction to it will depend on the methods used by the attackers and the severity of the attack. What your organisation should be asking itself is how well its Senior Leadership Team (SLT) would respond to this kind of situation.

Your SLT should have in place:

  • An effective cyber incident response plan.
  • Inter-linked business continuity plan.
  • Communications plans.
  • Disaster recovery.

Approaching an incident response plan

 

A basic incident response plan should include:

 

  1. Crisis management procedures – including roles, responsibilities, and contact details of key personnel.

  2. Escalation criteria, along with a process for critical decisions.

  3. Basic flowchart or process (this should cover the full incident life cycle).

  4. At least one conference number.

  5. Basic guidance on legal or regulatory requirements.

  6. Backup and restoration plans for critical business systems and data.

  7. Procedures for testing and updating the plan on a regular basis. 

 

To enhance your incident response plan, your organisation should also include:

 

  1. Forms for documenting and tracking the incident. 
  2. Additional detail on the IR stages and more technical guidance on containing, analysing, remediating and recovering from the incident. 
  3. Playbooks / guidance on specific types of incidents.
  4. A process for documenting actions taken during an incident for auditing, learning, and evidentiary purposes.

 

More detailed guidance on incident response plans from the National Cyber Security Centre can be found here.

Dealing with cyber attacks as a team



Clarity is critical. To ensure that an incident is managed and handled successfully, everyone must understand their roles and responsibilities in a variety of cyber-attack scenarios.

 

It’s also essential that your organisation keeps a detailed and accurate record of the incident response, any decisions made, actions taken, and any data that is missing. This information will be extremely useful, especially if you ever need to present evidence of your response to a regulatory body like the Information Commissioner’s Office (ICO).

Other things to consider following a cyber attack

 

As mentioned before, how your organisation deals with an incident will depend on the incident itself. It will be important to understand the type and severity of the incident, to determine how urgent the response needs to be and which people need to be involved. 

 

When thinking about the severity of an incident, your organisation will need to consider:

 

  • Confidentiality – has sensitive data been accessed, leaked or stolen?
  • Integrity – could data or systems have been altered in such a way that they now cannot be trusted?
  • Availability – is the availability of data or systems impacted?



You will also need to determine what type of incident you are dealing with: malicious code, unauthorised access, data breach, a targeted attack, etc.

Conclusion

 

The reality is that there is a vast amount to consider when dealing with a cyber-attack/incident. What we’ve covered above is only the tip of the iceberg.

 

There are many factors to consider, and therefore, organisations may not feel as though they are prepared enough for dealing with an incident. As said before, it’s practically impossible to be 100% cyber attack-proof, or to know with certainty that there’s no chance of an incident occurring. But that’s what makes it vital to do absolutely everything in your power to be ready. Because what you have may not be enough.

How do we prepare? DPAS can help you

 

A brilliant way to prepare is to take part in training workshops which give you real-life scenarios and evaluate how your organisation would fare dealing with them. You never know how ready you are until you put it to the test.

 

Is your organisation prepared for a cyber attack?

 

Book onto our Bespoke Data Incident and Cyber Attack Workshop and find out! To learn more and book your place, click here.

 

Click here to check out what other cybersecurity training we can offer.
