I was conducting some lightweight research recently, reviewing past news articles about cyber attacks: the attack on the NHS this summer is still fresh in our memory, the TFL attack, the one on the British Library, not to mention the high-profile international attacks of recent years. Then there are the ones that tend only to be in our local news: an attack on a poultry farm, on a vet practice, and so on. All these articles demonstrate that whatever its size and its public profile, no organisation is immune. But what then follows are reference to financial implications: “Cyber-attack recovery could cost council £500,000”, “Cyber-attack cost council £10.4m” “Housing register still down weeks after cyber attack”. And of course, there are the fines and legal penalties that may result, not to mention the reputational damage. It all makes for pretty stark reading. One thing that is for sure and certainly won’t be news to you, is the fact that this is never going away. 

Being prepared is crucial. A bit like travel or house insurance, one hopes to goodness never to have to use it, but not having any is foolhardy. The same goes for cyber incident response planning. Any C-Suite not considering how they might deal with an attack, perhaps thinking ‘it won’t happen to me’ or ‘it’s an IT problem’ is potentially in for a rude awakening. Knowing what and how you will respond to an attack must be part of every organisation’s cyber strategy. It’s not just the IT team’s responsibility. The Executive team must be onboard and engaged because should an incident occur, they will absolutely be involved. The good news is that there are steps that can be taken to prepare and respond accordingly.

There’s no more anxious a position than the unknown: “Is everything in place, and does it work?” Preparedness and planning are key. Far better to have reviewed and tested your security posture before an incident than discover the gaps during. By developing comprehensive incident response plans, conducting regular training and awareness programs, and implementing robust security controls, organisations can reduce the likelihood and impact of cyber incidents. Preparedness activities not only enhance your overall security but also significantly reduce the costs associated with debilitating cyber incidents. And it’s not simply a case of documenting plans but testing them too by running activities such as cyber simulation exercises to ensure they are fit for purpose.

One element of preparedness that should be built into those plans and is easily overlooked, is knowing who to call for help. When the pressure is on and you’re in the thick of an incident, it’s important to be able to turn to the experts. You don’t want to have to be spending time scouring Google, and then have no sense of the ability of the team you’re engaging. Every team has their skills but it’s important to recognise that there are experts out there who deal with cyber incidents on a regular basis and can help you. Far better to have called in the fire brigade when the smoke detectors go off than tackle the fire yourself, putting yourself in danger, and then realise you can’t contain it.

A good specialist Incident Response team is not a luxury but worth its weight in gold. Available 24*7, they provide that all important initial advice to contain the incident, which then gives you the opportunity to step back and take a breath. They will lead on managing the incident providing support and guidance to your IT team and just as importantly, your Executives. But dealing with an incident is a collaborative effort. They will work with you and your vendors to remediate and get you back on your feet. They can draw on resources and skills sets that most organisations are unlikely to have in-house, such as multi-lingual specialists, resource in global offices that ensure the work continues around the clock, and threat actor engagement. And if you’ve taken the proactive step to invest in a retainer, that Incident Response team will already know your organisation and IT infrastructure enabling them to deploy more quickly and efficiently in the event of a cyber incident. 

Once an incident has concluded, the work doesn’t stop there. It’s important to investigate and understand how it happened, how your team responded to it, and what lessons can be learned. But it shouldn’t be all about the negative; give yourself time to reflect on what went well too.

Cyber incident response isn’t just about the event itself. It’s about your preparation and cyber resilience, how you the manage the event, and how you learn and recover from it to be a stronger organisation.

To discuss how our Cyber Incident Response service can help you, please do not hesitate to contact Sapphire on 0845 58 27001.

Similar Posts