The fight against cyber attacks has basically been preventive, but it has clearly dawned on brands that cybercriminals are not relenting in their assaults and are even becoming more tech-savvy as the days go by. Going by a new Ponemon Institute report that some 90% of critical infrastructure (CNI) providers claim that their IT/OT environment has been damaged by a cyber-attack over the past two years, and that there were at least 2,100,480,045 records compromised in March 2019, it’s glaring that the attacks can be overwhelming and also cut across the board.
It therefore won’t be out of place to strike a balance between preventative and recovery measures. You should operate on the premise that you may not be able to nip every future attack in the bud with preventive measures, and for this reason there must be a balance with recovery.
If adequate resources are distributed across protection and recovery, you will put yourself in a much better position not only to fight cybercrime but also to mitigate the effects if for any reason you suffer an attack.
The following 3 steps will put you in good stead to effectively mitigate the effects of cyber attacks.
1. Incident response (IR) plans
As an organized approach for handling cybersecurity incidents, breaches, and threats, a good IR plan allows you to effectively identify a cyber attack, minimize the damage, and reduce its cost while securing yourself against further attacks.
You need to ensure that practices on the ground match the intent of your brand’s cybersecurity policies. You must ensure that the operational staff who run security operations are not only familiar with the policies and processes but also understand their purpose and relevance, so that they can act in line with the aim of the policies depending on the situation.
What this means is that you need to invest handsomely in the development of security policies as well as regular refresher training for your operational staff. This is a step towards ensuring that your team is familiar with incident response processes.
In terms of cyber attack exercise planning, it’s best to always think ahead about a big hit. If your IR plan is for a small attack, you may end up regretting your actions.
You may even have plans that work across the organization as well as with suppliers. It may even be a good approach to reach out to bodies like the UK’s National Cyber Security Centre (NCSC), which is tasked with dealing with incidents of “national importance” and is also on the ground to help victim organizations immediately after an attack has occurred to better comprehend the magnitude and direct impact.
2. Prompt and in-depth communication
Once an attack has occurred, the people concerned need to know, and promptly too. Your team and possibly external help are needed to reconstruct the attack and figure out exactly what data was compromised in order to get the facts right.
Communication here is not necessarily about the media. You need to let your employees know what has happened, as well as the regulators, the people affected by the breach, and your suppliers. You can bring in the NCSC to serve as a bridge between your brand that’s dealing with the breach and the media.
Since the effect of an attack can be felt even years after it has occurred, one thing that you can’t toy with is the availability of good data which you can fall back on any time the need arises. This will in no small measure help to mitigate the effects, especially if you have to report to regulators and shareholders.
3. Service-level agreements (SLAs)
Where you are subscribed to a service provider, your service-level agreements must be explicit enough about what access you can have to their data. This will remove any unwarranted issues and bottlenecks that could obstruct your quick response after an attack.
You also need to report the attack to any law enforcement agencies that are in charge of such crimes in your area of operation. They are equipped to carry out investigations and also to apprehend anybody found culpable.
This serves as a deterrent against further attacks.
It’s heartwarming to note that the cyber-threat landscape report by eSentire that discusses the most impacted industries in the UK found that employees in the UK are better than their global counterparts at preventing malicious attacks. One attack that’s foiled should be a big source of relief globally since the world has become a global village and personal information knows no borders.