Five steps to effectively manage a cyber-attack

Given the rising frequency of increasingly malicious and innovative cyber-attacks, organisations have to be prepared and proactive. It is no longer a question of ‘if’ but ‘when’ your organisation will have to deal with a cyber-attack. The cost of a cybersecurity breach is significant in terms of money, business disruption and reputation. Depending on the magnitude of the attack, a cyber incident can potentially put you out of business.

According to UK government research, two-thirds of large UK businesses have been hit by a cyber-attack in the past year. UK telecoms group TalkTalk suffered a high-profile attack in October 2015 when hackers stole personal data from customers. According to TalkTalk, the cyber-attack wiped £15 million off trading revenue, forced it to book exceptional costs of £40m - £45m, and lost it up to 101,000 customers.

The best course of action for a business that is attacked is a swift and effective response. A cybersecurity strategy with efficient incident response (IR) capabilities, coupled with customer engagement initiatives, helps limit the damage and ensures that the business is back up and running as soon as possible. It is also important to reach out and engage with customers after the incident to regain their confidence. An effective IR strategy navigates the following five phases:

Identify

Information on events is collected from various sources, such as intrusion detection systems and firewalls, and evaluated to identify deviations from normal behaviour. Deviations are then analysed to check whether they are significant enough to be termed an event. Automation ensures swift detection and eliminates delays in moving to the next phase, containment. Once a deviation is identified as a security incident, the IR team is notified immediately so that it can determine the scope, gather and document evidence, and estimate the impact on operations. Businesses can bolster this process by incorporating an effective security information and event management (SIEM) system into their overall cybersecurity strategy.
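The Identify phase described above, as an added example that is not part of the original article: a small baseline-deviation detector runs over constructed firewall and IDS log lines, decides whether a host's activity departs from its normal range, escalates a statistically and absolutely significant deviation to an event, and treats an event corroborated by a second sensor as an incident, recording scope and evidence the way an IR team would want them. The log format, the baseline figures, the thresholds and the sensor names are all assumptions made for this illustration, not the output of any particular SIEM product.

```python
"""Baseline-deviation detection over constructed firewall/IDS events (added example)."""
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass, field

# Hypothetical per-host DENY counts for the previous six one-hour windows.
# A real SIEM would supply these from its historical store; values are constructed.
BASELINE_DENIES = {
    "10.0.0.5": [2, 3, 1, 4, 2, 3],
    "10.0.0.7": [0, 1, 0, 2, 1, 1],
    "10.0.0.9": [5, 4, 6, 5, 5, 4],
}

# Constructed events for the current window: 12 SMB denies from 10.0.0.5 plus an
# IDS alert on the same source, 4 denies from 10.0.0.7, and 1 deny from 10.0.0.9.
SAMPLE_LOGS = (
    [f"2024-05-01T10:00:{i:02d}Z fw src=10.0.0.5 dst=10.0.1.{20 + i} dport=445 action=DENY"
     for i in range(12)]
    + ["2024-05-01T10:00:30Z ids src=10.0.0.5 sig=SMB_SHARE_SWEEP severity=high"]
    + [f"2024-05-01T10:01:{i:02d}Z fw src=10.0.0.7 dst=10.0.1.40 dport=443 action=DENY"
       for i in range(4)]
    + ["2024-05-01T10:02:00Z fw src=10.0.0.9 dst=10.0.1.22 dport=22 action=DENY",
       "2024-05-01T10:02:01Z fw src=10.0.0.9 dst=10.0.1.22 dport=22 action=ALLOW"]
)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\w+) (?P<fields>.*)$")
SIGMA = 3.0             # standard deviations above the mean that count as a deviation
MIN_EVENT_DENIES = 10   # absolute floor so quiet hosts do not trip on a handful of denies


def parse_line(line):
    """Turn one 'ts sensor k=v k=v ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "sensor": m.group("sensor")}
    for pair in m.group("fields").split():
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def threshold_for(host):
    """Mean + SIGMA*stdev of the host's baseline; unknown hosts get the absolute floor."""
    history = BASELINE_DENIES.get(host)
    if not history:
        return float(MIN_EVENT_DENIES)
    spread = statistics.pstdev(history) or 1.0   # avoid a zero threshold on flat baselines
    return statistics.mean(history) + SIGMA * spread


@dataclass
class Finding:
    host: str
    level: str               # "deviation", "event" or "incident"
    deny_count: int
    threshold: float
    scope: list = field(default_factory=list)      # destination hosts touched
    evidence: list = field(default_factory=list)   # raw log lines preserved for the IR team


def analyse(lines):
    """Group events per source host, compare to baseline, escalate with IDS corroboration."""
    denies, ids_hits, raw = defaultdict(list), defaultdict(list), defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or "src" not in rec:
            continue
        raw[rec["src"]].append(line)
        if rec["sensor"] == "fw" and rec.get("action") == "DENY":
            denies[rec["src"]].append(rec.get("dst", "?"))
        elif rec["sensor"] == "ids":
            ids_hits[rec["src"]].append(rec.get("sig", "?"))

    findings = []
    for host, dsts in denies.items():
        thr = threshold_for(host)
        if len(dsts) <= thr:
            continue                            # within normal range: not a deviation
        level = "deviation"
        if len(dsts) >= MIN_EVENT_DENIES:
            level = "event"                     # significant enough to be termed an event
            if ids_hits.get(host):
                level = "incident"              # independent sensor agrees: notify IR team
        findings.append(Finding(host, level, len(dsts), round(thr, 2),
                                sorted(set(dsts)), raw[host]))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOGS):
        print(f"{f.host}: {f.level} ({f.deny_count} denies, threshold {f.threshold}), "
              f"{len(f.scope)} destination(s), {len(f.evidence)} evidence lines")
```

The two-tier test (statistical deviation plus an absolute floor) is what keeps a quiet host that goes from one deny to four from paging the IR team, while the corroboration step is the correlation role the article assigns to a SIEM: a single sensor's anomaly is an event, two independent sensors agreeing on the same source is what gets handed over with scope and evidence already attached.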

Contain

Once a security event is detected and confirmed, it is essential to restrict damage by preventing its spread to other computer systems. This means isolating the affected systems and rerouting traffic to alternative servers, which limits the spread of the malware to other systems across the organisation.

Eliminate

This step focuses on removing the malware from the affected systems. IR teams then analyse the cause of the attack, perform a detailed vulnerability assessment, and act on the vulnerabilities discovered to avert a repeat attack. A thorough scan of affected systems to eradicate latent malware is key to preventing a recurrence.

Restore

In the restoration stage, affected systems are brought back into action. While returning them to the production environment, adequate care should be taken to ensure that another incident does not occur. Once these systems are up and running, they are monitored for any further deviations. The main objective is to ensure that the deficiency or vulnerability behind the incident just resolved does not cause a repeat incident.

Investigate

This is the last step and entails a thorough investigation of the attack to learn from the incident and initiate remedial measures to prevent a similar attack from recurring. IR teams also analyse the response itself to identify areas for improvement.

Protect your organisation from attack

What enterprises need now are effective cybersecurity solutions that monitor and provide real-time visibility across a myriad of business applications, systems, networks and databases. There is an increasing realisation that basic protection tools for important corporate information are no longer sufficient against new advanced threats. Furthermore, enterprises are under tremendous pressure to collect, review and store logs in a manner that complies with government and industry regulations.

Countering focused and targeted attacks requires an equally focused cybersecurity strategy. Organisations need to adopt a robust cybersecurity strategy and take a proactive approach to ensure that they stay secure in cyberspace.

Vijay Bharti, Vice President & Head of Security Services, Happiest Minds