How being prepared can help you ‘fail well’ in a cyber incident

When it comes to cyber security and being attacked, the unfortunate reality is that every organisation – large and small – is likely to fall victim at some point. How much it damages the organisation and its operations, for how long and at what cost, depends on one thing – preparedness. Organisations which are well prepared will ‘fail better’ and will be back on their feet quicker with less impact than those which are not.

The organisations I’ve seen over the course of my career in cyber security that manage a cyber attack well and reduce the impact quickly are those which have practised and prepared and have plans, processes, and playbooks that they can refer to at 2AM on a Sunday morning when they get the first indication of an attack happening. If you haven’t planned and prepared, then at 2AM on a Sunday morning you can’t do anything. That is when you see the whole thing falling apart around you and by Monday morning the whole IT environment is gone.

When I talk about preparedness there are two aspects: the technical and non-technical. Many organisations think they are prepared because they have an anti-virus solution, but that is not enough; you need more defence in depth to make sure you are properly secured. There is also a tendency when talking about cyber security for organisations to look to the IT department and ask, ‘what are you going to do?’, but cyber security and knowing what to do if you are hit must be everyone’s responsibility, from comms and legal through to business continuity. Unfortunately, we find that in many organisations people find out about the cyber threat on the day of the cyber attack and have never really been engaged beforehand. A full organisational response to an incident is needed, and that is very hard to do in the heat of battle without planning and preparing beforehand.

On an annual or six-monthly basis, it is a good idea to run through some organisation-wide scenarios about what you might do if an attack were to happen. Once a year it is a good idea to carry out a full simulation to make everyone aware of what an attack could look like and what the roles, responsibilities and expectations of different departments and individuals could be.

I would also say that failing well involves other people and their expertise. Don’t try to deal with it alone. Professional assistance can help deal with cyber incidents because there are many impacts and consequences and unforeseen aspects that may need to be considered. It is such a complex area, from statutory and regulatory responses through to technical containment and eradication, and even, for example, knowing what to do if the organisation decides to pay a ransom demand. It might seem like a good option, but there is a risk of committing an offence if the correct process isn’t followed.

Organisations such as the National Cyber Security Centre (NCSC) and law enforcement agencies can provide good guidance, but they can’t help resolve and recover from an incident. Specialist groups such as the CCoE and other organisations, however, have all the capability to bring to the incident to help resolve it and get an organisation back on its feet.

If you recognise you are not prepared or suffer an attack, don’t panic. The CCoE and others can provide assistance around what you should be looking at and what to prioritise. Some things can be implemented quickly, such as having an incident response plan with details such as who to contact should something be detected, while other things take longer and might be further down the line. One thing is certain: it is only by preparing now that you can reduce the impact when the worst does happen.

Dougie Grant is Managing Director Europe & Global Head Incident Management at Nihon Cyber Defence. He is part of the National Cyber Security Centre’s Industry 100 (i100) initiative and is on the advisory board of the CCoE.
