For businesses, the prevailing attitude has changed. In years gone by there was a wait-and-see approach when it came to security, but as cyber attacks and data breaches were more widely reported many organisations have adopted a “when, not if” approach.
The inevitability of cyber attacks has seen spending on cyber security increase fairly dramatically — in the UK alone, businesses doubled cyber security budgets in 2015 and globally, IDC anticipates that by 2020 organisations will pay out $101.2bn.
While there is an increased awareness of the threat and associated changes to budget, the key thing to remember is that no cyber security approach, tool or software is 100 per cent infallible.
This is especially true considering that organisations are not only filled with data and assets that need to be protected, but staff that are often the weakest link in the protection strategy. In fact, according to the Information Commissioner’s Office (ICO), human error is the cause of the majority of data breaches.
Cyber incident response
Part of any cyber security strategy should be incident response — after all, often it is how a business reacts to a breach or cyber attacks that can be more detrimental than the event itself.
A cyber response process or plan helps you mitigate risk and minimise the impact it will have on your business, employees, customers and your bottom line. An incident response plan can also assist in reducing the time it takes for the business to recover after an event and minimise the costs involved.
Many businesses may not see a need for a plan. Indeed those that have a plan may not even have a successful plan (due to it being out of date, lack of integration across the organisation or lack of knowledge due to changes in key members of staff).
Regardless, a workable, up-to-date plan is critical, especially as the likelihood of a cyber attack is high — just consider that in 2016, an average of 230,000 UK businesses suffered a cyber-related incident. Also, according to another study, 49 per cent of companies in the UK fell victim to ransom cyber attacks 2016.
Developing the plan
So what does this response plan or process typically look like? To start, you need to understand the threat landscape and know just what you’re protecting your organisation from. This step includes categorising security events – such as a DDoS attack, malware or breach.
You also need to know what business continuity and disaster recovery plans are already in place and who is responsible for which activity, so that you can build this into your response plan.
You then need to identify your most critical assets, where they are located and the risks around that data. This ties back to categorising security incidents as different events will necessitate a different reaction depending on the type of data — for example, customer, payment or operational information. And in turn, this step will shape and develop your performance objectives.
Continue reading on the next page for the four steps that will allow you to put practice into action when it comes to cyber attacks.
Share this story