The critical 48 hours: how to mitigate the damage from a cyber-attack

Your organisation has been hacked - but what next? Andy Settle, head of the cyber security practice at Thales UK, offers his thoughts on best practice response in the aftermath of a breach

We live in the age of the ‘cyber-attack’, with high profile hacks hitting our headlines daily. But it’s not just well-known organisations such as Snapchat or Sony Pictures that attract the attention of malicious hackers. Organisations of all sizes must take the necessary steps to prepare for the worst-case scenarios, and be ready to respond quickly in the event of cyber-attacks on their network.

James Lewis, a cyber-security expert at the Washington DC-based Centre for Strategic and International Studies recently said that “businesses should stop worrying about preventing intruders getting into their computer networks”, and instead concentrate on minimising the damage caused when they do. For many, it seems to be a question of ‘when’, not ‘if’.

But it’s far from doom and gloom. There are measures that can be put in place to minimise the potential impact of an attack happening to your business.

Wise up to the cyber threat: Don’t be naive

Today, external cyber-attacks are escalating faster than legacy solutions can keep up with. Whether it’s taking control of networks of insecure computers or stealing intellectual property, criminals, activists and state sponsored threat actors have an active interest in compromising companies of all sizes in all lines of business.

One of the most common mistakes that organisations make is not regularly screening its systems for malware and vulnerabilities. This action is imperative as it can catch and prevent attacks early. Many larger organisations should take care to work with qualified third parties who can regularly screen their systems for any weaknesses. When a breach does occur, a company can suffer far less reputational damage if it can demonstrate that regular audits were carried out and that sensible plans were already in place to communicate with customers at the earliest possible convenience.

It is also important to note that cyber-attacks are rarely one-off incidents. Many organisations make the error of adopting a ‘wack-a-mole’ approach to their cyber security defences. This type of response encompasses responding to vulnerabilities as and when they crop up, instead of fully addressing the underlying threats.

Organisations should consider implementing a number of technical controls, such as network monitoring technology that can detect attempts to either steal corporate data or to infect the corporate IT system.s

Don’t forget about the insider threat

Protecting your organisation from the outside is undoubtedly imperative, but are companies paying enough attention to the threat from the inside?

Unintentional or deliberate employee actions such as plugging smartphones into work laptops, or accessing the corporate drive from a smart device can open up a new attack vector for savvy hackers.

In the age of Bring Your Own Device (BYOD) it is essential that companies implement thorough endpoint controls. Using data-loss prevention solutions can help to detect and prevent isolated storage devices from being connected to laptops and corporate networks, minimising the risk of employees introducing malicious software into the corporate network.

Furthermore, organisations should invest in cyber security training to make sure that employees are continually aware of the cyber threat. This can offer a greater ROI than investment made in costly security infrastructure and software deployments, as it will show notable benefits in the long- run.

Consider partnering with an external party

Over two thirds of external attacks are detected by external parties, rather than organisations themselves. When an incident takes place, organisations need a thorough Incident Response plan. It would be encouraging to see companies appoint and train cyber-first responders; staff who are trained to know exactly how to respond when a breach when it’s unearthed. They don’t have to know everything about cyber-security, but they should have an awareness of what to do to stop matters escalating out of control and who to call, i.e. an incident response provider.

Crucially people again are both the problem and the solution. Neil Thacker of Websense recently puts is thus: “… and the dilemma of an increasing information security skills shortage, organisations have a tough challenge ahead. Implementing a data theft prevention control.”

The days of in-house security teams being capable of preparing and responding to incidents has long gone. Professionally qualified, experienced teams of staff are necessary to respond to and prevent an incident from impacting the business. These people are few and far between and need continuous on-the-job and up-to-date experience and training. By using professional service providers brings greater value including cyber threat intelligence, up-to-the minute advice and guidance and impartial and high quality assessments. In-house is simply no longer an option.

In today’s day and age, it seems to be a question of ‘when’ not ‘if’ when it comes to cyber-attacks.

By taking the necessary measures at the outset, such as educating employees and implementing a thorough incident response plan with a third party, organisations can be safe in the knowledge that they are doing all they can to combat the very real and evolving cyber-threat.