It is a priority for businesses to understand the basic dos and don’ts of responding to a cyberattack, as it affects them and their stakeholders.
Firstly, if you don’t already have a detailed incident response (IR) plan, then we’ve got a problem. It is essential that your plan comprises the following as outlined in the NIST Computer Security Incident Handling Guide (SP 800-61):
How to respond to and prevent incidents.
Incident detection (of attack vectors, signs of an incident, and sources of precursors and indicators), analysis, prioritization, and notification.
Choosing a containment strategy, evidence gathering and handling, identifying attacking hosts, and eradication and recovery.
Looking at lessons learned, using collected incident data, evidence retention, and an incident handling checklist.
And as for what needs to be included in the plan, consider the following:
1. The incident: create a plan for every category of cybersecurity incident possible.
2. Who: create an emergency contact list – make sure all employees are updated on the incident, decide who is responsible for confirming the incident, and assign responsibility for contacting and liaising with law enforcement. Make sure anyone affected by the attack is notified and knows the measures you are taking in response.
3. What: create a plan for what happens to data if an incident occurs.
4. When: create a plan for when an alert needs to be sent out for the incident.
Finally, ensure that your plan will work. Run a mock cybersecurity incident to test whether the plan would succeed against possible future cyberattacks.
Don’t panic! If you’ve ticked all the boxes in the Dos section, you should feel confident in your plan.
In a state of panic, you may be quick to shut down all your IT systems and operations. This is the last thing you want to do, because you would be erasing evidence before any investigation takes place.
Another outcome of panic is taking too long to respond to a cyberattack. An inadequate response to a cyberattack could cost not only your organisation but also the other stakeholders involved. Don’t downplay or cover up the incident – as previously stated, honesty and transparency are valued.
Cybersecurity attacks can happen to anyone. Remember that even the best security systems cannot guarantee that a cyberattack won’t happen. Instead, remain proactive, keep your systems up to date, and ensure that your IR plan is complete so that you are prepared for a possible cyberattack.