The last 12 months have seen a considerable increase not only in the number of cyber-attacks but also in the sophistication with which they're carried out. Companies of all shapes and sizes have fallen victim; it's set to be a long-lasting issue going into 2017 and beyond.
Businesses used to take a more relaxed approach to cyber-security, where they'd wait for an attack to present itself before considering what to do about it. However, as the frequency of cyber-attacks continues to climb, businesses must adopt a proactive approach and invest heavily in cyber-security. In 2015, businesses in the UK doubled their cyber-security budgets, while the IDC anticipates that by 2020 organisations globally will invest £101.2 billion to protect themselves.
Regardless of how much is invested, no particular tool or software can guarantee complete protection — especially when you consider that, according to the Information Commissioner's Office (ICO), the majority of data breaches come about through human error. Cyber-security isn't all about what you use to prevent an attack; it's also how you carry out your response strategy.
The initial response
All businesses should have a pre-determined incident response plan that details how to deal with an attack, because the way a business responds can often be more damaging than the attack itself. With a comprehensive cyber-response plan, you can lessen the impact that an attack has on your business, employees, and customers.
Without being faced with an imminent threat, it might be hard for businesses to see why a plan is so necessary. However, when you consider that around 230,000 UK businesses suffered a cyber-attack in 2016, you start to understand why it's so important.
Developing a plan
When sitting down to develop a cyber-response plan, you need to have a clear understanding of the threat(s) you're faced with and what you're protecting your business from, whether it's a DDoS attack, malware or a breach. You should also find out what business continuity or disaster recovery plans the business already has, so these can be integrated into your plan.
After this, you must identify your business' most critical assets, make sure you know where they are located and outline what risks might be posed to your business if those assets were to be hacked or leaked. By doing this, you will be able to tailor the plan according to your specific performance objectives.
Putting the plan into practice
The moment that an incident occurs, businesses should consult their recovery plan and follow these steps:
- Identify the incident — Finding out the nature of the attack can usually be done through monitoring, cyber intelligence, looking through log alerts and evaluating threat analytics. More often than not, working with a trusted IT or security provider can help to speed up this step, allowing you to tackle the threat quicker.
- Define the impact — This involves finding out who's behind the attack, what aspects of the business have been affected, what was taken by the attacker(s) and the timescale of the attack.
- Gather the data — Once you have a good understanding of the incident, it's essential to collate all the information. This involves eliminating the cause of the incident, containing the damage, contacting the relevant authorities and gathering evidence.
- Commence recovery — This is where you must ensure that remediation is carried out correctly. Depending on the type of incident and the data affected, this could involve anything from resetting passwords to enhancing the entire security infrastructure.
No matter the size of your organisation, no one can afford to be complacent over the issue of cyber-security. Of course, there are programmes and plans that can help somewhat in protecting your assets, but the expertise and advice of professionals in the IT and cyber-security sectors are priceless. With cyber-security being an ongoing endeavour, it's essential that businesses are prepared for any outcome.
Contributed by Gavin Russell, CEO, Wavex Technology