News & Insights
It is a priority for businesses to understand the basic dos and don’ts of responding to cyberattack as it affects them and their stakeholders.
Firstly, if you don’t already have a detailed incident response (IR) plan, then we’ve got a problem. It is essential that your plan comprises the following as outlined in the NIST Computer Security Incident Handling Guide (SP 800-61):
How to respond to and prevent incidents.
Incident detection (of attack vectors, signs of an incident, and sources of precursors and indicators), analysis, prioritization, and notification.
Choosing a containment strategy, evidence gathering and handling, identifying attacking hosts, and eradication and recovery.
Looking at lessons learned, using collected incident data, evidence retention, and incident handling checklist.
And as for what needs to be included in the plan, consider the following:
1. The incident: create a plan for every category of cybersecurity incident possible
2. Who: create an emergency contact list – make sure all employees are updated on the incident, decide who is responsible for confirming the incident, and assign responsibility for contacting and liaising with law enforcement. Make sure anyone affected by the attack is notified and knows the measures you are taking in response.
3. What: create a plan for what happens to data if an incident occurs.
4. When: create a plan for when an alert needs to be sent out for the incident
Finally, ensure that your plan will work. Try a mock cybersecurity incident to test if the plan will be successful for possible future cyberattacks.
Don’t panic! If you’ve ticked all the boxes in the Dos section, you should feel confident in your plan.
In a state of panic, you may be quick to shut down all your IT systems and operations. This is the last thing you want to do as you are erasing any evidence prior to investigations.
Another outcome of panic is taking too long to respond to a cyberattack. An inadequate response to a cyberattack could not only cost your organisation, but other stakeholders involved. Don’t downplay or cover up the incident – as previously stated, honesty and transparency are valued.
Cybersecurity attacks can happen to anyone. Remember, that even the best security systems cannot guarantee that a cyberattack won’t happen. Instead, remain proactive and keep up to date with your systems and ensure that your IR plan is complete to prepare you for a possible cyberattack.