Protection against cyber attacks – mitigation and response
6 min read
25 January 2017
If last year is anything to go by regarding the rate and sophistication of cyber attacks, 2017 is set to see a marked increase in both.
For businesses, the prevailing attitude has changed. In years gone by there was a wait-and-see approach when it came to security, but as cyber attacks and data breaches were more widely reported many organisations have adopted a “when, not if” approach.
The inevitability of cyber attacks has seen spending on cyber security increase fairly dramatically — in the UK alone, businesses doubled cyber security budgets in 2015 and globally, IDC anticipates that by 2020 organisations will pay out $101.2bn.
While there is an increased awareness of the threat and associated changes to budget, the key thing to remember is that no cyber security approach, tool or software is 100 per cent infallible.
This is especially true considering that organisations are not only filled with data and assets that need to be protected, but staff that are often the weakest link in the protection strategy. In fact, according to the Information Commissioner’s Office (ICO), human error is the cause of the majority of data breaches.
Cyber incident response
Part of any cyber security strategy should be incident response — after all, often it is how a business reacts to a breach or cyber attacks that can be more detrimental than the event itself.
A cyber response process or plan helps you mitigate risk and minimise the impact it will have on your business, employees, customers and your bottom line. An incident response plan can also assist in reducing the time it takes for the business to recover after an event and minimise the costs involved.
Many businesses may not see a need for a plan. Indeed those that have a plan may not even have a successful plan (due to it being out of date, lack of integration across the organisation or lack of knowledge due to changes in key members of staff).
Regardless, a workable, up-to-date plan is critical, especially as the likelihood of a cyber attack is high — just consider that in 2016, an average of 230,000 UK businesses suffered a cyber-related incident. Also, according to another study, 49 per cent of companies in the UK fell victim to ransom cyber attacks 2016.
Developing the plan
So what does this response plan or process typically look like? To start, you need to understand the threat landscape and know just what you’re protecting your organisation from. This step includes categorising security events – such as a DDoS attack, malware or breach.
You also need to know what business continuity and disaster recovery plans are already in place and who is responsible for which activity, so that you can build this into your response plan.
You then need to identify your most critical assets, where they are located and the risks around that data. This ties back to categorising security incidents as different events will necessitate a different reaction depending on the type of data — for example, customer, payment or operational information. And in turn, this step will shape and develop your performance objectives.
Continue reading on the next page for the four steps that will allow you to put practice into action when it comes to cyber attacks.
Practice into action
Taking a very high-level approach, once a plan is implemented and needs to be used to deal with an incident, businesses typically follow four broad steps:
The first deals with the actual identification of the cyber security incident, which may in itself be a challenge. This can be done by monitoring, looking at log alerts, cyber intelligence and evaluating threat analytics, which can also assist in finding out exactly what happened. More often than not, working with a trusted IT or security provider could help in the identification process, as well as what followed.
The second step looks at defining objectives and delving into what happened. Typically, this includes finding out who the attacker/s are, the scope of the attack, what was affected, what was taken, and the timescale of the attack.
From there, gathering that data allows an organisation to take the appropriate action —that includes tasks such as eliminating the cause of the incident, containing the damage, contacting law enforcement and gathering evidence.
The final area is recovery. Here an organisation needs to ensure that remediation has been carried out correctly, gaps closed, and vulnerabilities assessed. Depending on the type of incident and data affected, this could include things such as password resets, enhancing security and testing systems.
One of the most important aspects of cyber security is that organisations can rarely go it alone. While programmes, strategies and plans certainly do help in protecting valuable assets and the bottom line, expertise and advice from trusted advisors in the IT and cyber security space can be equally as valuable.
Cyber security is an ongoing endeavour — something that evolves and changes according to the threat landscape, the business itself and the risk it faces — and should address mitigation, protection and response to manage cyber attacks.
Gavin Russell is CEO of Wavex Technology