A step through guide on how to mitigate a cyber-attack
The possibility of a cyber-attack is one of the most common and serious dangers that an IT department faces. Taking precautions to minimise the threat is clearly crucial. Yet still, many have the misconception that they're either too small or not interesting enough to be targeted. It's worth remembering though, anything of a high value to you has value to your attacker, as they can steal it and hold it for ransom.

Advancements in hacking techniques and methods have made it more challenging to pre-empt these attacks. But by creating a cyber-incident-response plan, organisations can at least be prepared. This plan should encompass three stages: starting with prevention, it should also include how to handle a breach and how to move forward in the aftermath.

1) How to prevent a cyber-attack
Education plays a vital part in preventing cyber-attacks. All employees within an organisation should be aware of the signs of a possible attack, not just the IT department. It makes life a lot easier if staff can spot a potential cyber-attack before it happens.

For example, in a whale phishing attack, criminals will take the time to pinpoint a senior employee, such as a CEO or a financial director, and then impersonate them. They will send e-mails requesting sensitive information from members of staff. These scamming e-mails can often be recognised by subtle factors, such as the use of an irregular font or a different tone of voice in the language used. Whale phishing e-mails are most identifiable by checking the e-mail address they were sent from, which often has a small variation from the address used by the person they are trying to imitate.
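The sender-address check described above can be automated at the mail gateway. The following Python example is an added illustration, not part of the original article: it compares an incoming From header against a directory of senior staff and flags addresses that differ by only a character or two, or that reuse an executive's display name on an unrelated address. The directory, the sample headers and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed directory of senior staff to protect (assumption, not from the article).
PROTECTED = {
    "jane.smith@example.com": "Jane Smith",
    "raj.patel@example.com": "Raj Patel",
}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header, max_distance=2):
    """Return (verdict, protected_address) for one From header value."""
    display, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if addr in PROTECTED:
        # The header text matches; whether the header is authentic is a
        # separate check (SPF/DKIM/DMARC results).
        return ("exact-match", addr)
    for real, name in PROTECTED.items():
        if 0 < edit_distance(addr, real) <= max_distance:
            return ("lookalike-address", real)
        if display.strip().lower() == name.lower():
            return ("display-name-spoof", real)
    return ("unknown", None)

# Constructed sample headers.
SAMPLES = [
    "Jane Smith <jane.smith@example.com>",
    "Jane Smith <jane.smith@examp1e.com>",       # digit 1 in place of letter l
    "Jane Smith <jsmith.ceo@mail.example.net>",  # right name, unrelated address
    "Supplier <billing@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

Messages classified as `lookalike-address` or `display-name-spoof` are candidates for quarantine or a warning banner, which supports staff awareness rather than replacing it.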

Cyber-criminals are constantly changing their hacking techniques, however, and this means user education has to be delivered regularly for it to be effective.

Beyond education, companies must be protected on a technical level. Making sure that your anti-malware software is effectively protecting your files and data is a clear must. Without this protection, a malicious attack, such as ransomware, could easily infiltrate your network. The cyber-attack on the NHS last year was a high profile example of how malware can have severe consequences. By updating your anti-malware software on a regular basis, you decrease the chances of these attacks significantly.

2) What to do if an attack takes place?
Regardless of the precautions you take, it is highly likely attacks will happen – and despite your best efforts, they may succeed. However, by having a strong and detailed response plan ready, you'll be able to start mitigating the damage immediately. This playbook should cover all areas of an attack, and should include details of who to contact. A cyber-attack must be reported to ActionFraud, a division of the police which specialises in cyber-crime.

Your plan should also cover public reporting. Any breach can have a major reputational impact on the business, so it is important to have an internal and external comms strategy in place. Trust in a company can be completely shattered if it chooses not to report the breach to clients, employees and connected organisations. It can be hugely damaging if this news is released at a later date, especially by a third party.  

3) The aftermath of an attack
Once the initial crisis has been resolved, it's important you make sure your organisation is doing all it can to avoid a repeat event. Working out exactly how the cyber-attack occurred is vital. A misconfigured web server or overly permissive web proxy setting are just some of the possible causes. After determining the cause of the attack, you should obviously fix the problem but you should also take measures to prevent it from happening again. 

When analysing the attack, also identify ways to strengthen those areas of your company that have been affected. This can include reinstalling compromised systems from known, good media and potentially restoring data from backup. It is extremely important that a company gathers a vast amount of information from the attack and that the findings are delivered into a company security policy.

You should identify which areas of your infrastructure were weak enough for an attacker to target. This assessment can highlight which areas need improving and how this can be achieved. The results may suggest that management processes need rethinking or that staff security training needs improving.

A business impact assessment will then enable you to present your findings to senior managers, who can then discuss which steps would be best to take to reduce the risk of future attacks.

The prospect of a cyber-attack on any organisation can be very daunting. However, if you have the processes, contacts and a strong response plan at the ready, the situation can be dealt with much more effectively. 

Contributed by Mark Lomas, Technical Architect, Probrand

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.