What to do before & after a Cyber breach
By Gurpreet Thathy | 21 Mar 2022
What to do before & after a Cyber breach – the basics:
What are cyber-attacks and their potential impact: An attack typically involves a deliberate entry by a third party into a computer system with malicious intent. The attacker aims to identify and exploit any vulnerabilities in a computer system and network to:
- Gain unlawful access to restricted information/personal data.
- Steal, destroy, compromise, change or manipulate data and computer systems.
- Deny or restrict access to the computer system/data resulting in system/network issues.
A cyber-attack can occur in a number of different ways and forms, with varying degrees of sophistication, including phishing, malware, ransomware, spyware, trojans and viruses. Ransomware is a particular concern, as the attackers encrypt data on the target's computer system with the aim of demanding a ransom in return for releasing or restoring the system.
@Valkyrie, many of our clients are taking proactive steps in reducing the risk of a physical/technical security breach. @Gurpreet Thathy, our Director of cyber security and electronic counter measures, gives his thoughts on the steps needed to assist in lowering the risk of an attack happening on clients' infrastructure.
Strategy: Prepare a thorough cyber strategy. Conduct regular and extensive reviews of the computer systems and network security to identify and remedy any weaknesses/vulnerabilities and ensure that suitable measures are in place to protect the system and data. Consider running a simulated incident exercise to test the response and highlight gaps in the infrastructure.
Plan: Prepare a response plan that can be effectively and quickly implemented in the event of an attack. This will assist with prompt/decisive action to contain and minimise the extent of the disruption. Measures to take include identifying an internal expert who can be quickly tasked within the business, along with an appropriate escalation process including assistance from external experts. Once you have a plan, it is important to rehearse it by conducting scenario-based exercises with key personnel within your organisation.
Processes and procedures: Implement appropriate procedures/processes to recognise and identify instances of cyber-attacks and security breaches - prepare a structure to conduct an investigation and set out methods of reporting.
Insurance: Although it is not a preventive measure, businesses should acquire appropriate cyber security insurance to protect themselves against financial loss.
Whilst preventative measures are preferable to reactive ones, businesses should consider what actions to take in the event of a cyber-attack.
Response plan. Follow/adhere to the cyber-attack plan that the business has in place.
Incident response. Work with experts (internal and external) to swiftly investigate the incident in detail and identify the cause/extent of breaches or malicious activity - particular attention should be placed on breaches involving personal data.
Legal support. Have a lawyer available who understands data issues and the litigation risks; this will improve the chances of dealing with the legal exposures of an attack.
Suspension. Depending on the extent of the breach, consider suspending the system or network to prevent further malicious activity, despite the impact this may have.
Notification. If necessary, inform and notify the relevant authorities and personnel to ensure compliance with regulatory requirements. Depending on the scale and nature of the incident, businesses may need to make a reference to the UK National Cyber Security Centre. Additionally, under UK GDPR, businesses that experience certain personal data breaches must report these to the Information Commissioner's Office within 72 hours of becoming aware of them.
Cyber Insurance. Notify insurers as they may have actions they require the business to take.
Communication. Managing the fallout of an attack will be critical, particularly in respect of any suppliers, customers, employees and contractors, as well as the business's reputation.
If we can be of assistance please contact us on - firstname.lastname@example.org | T: +44 (0) 2074 999 323