Cyber resilience: immediate response and effective recovery

September 2022  |  FEATURE | RISK MANAGEMENT

Financier Worldwide Magazine

September 2022 Issue


In a medical emergency, the quicker treatment is administered, the healthier results generally are. Likewise, in the case of a cyber attack, an immediate response from the targeted company can make all the difference between temporary difficulties and long-lasting damage.

In the early stages of a cyber attack, time can be both an ally and an enemy. The quicker an attack is identified and contained, the better the outcome. The longer an attacker remains at large in a company’s systems, the greater the likelihood that the company will experience a significant breach and potential loss.

While cyber attack vectors are numerous, the most common are: (i) phishing, a type of social engineering scam that attempts to fraudulently obtain sensitive information using email; (ii) ransomware, which is malicious software designed to block access to a computer system until a sum of money (or ransom) is paid or some other action is completed; and (iii) baiting, which involves infecting a computer with malware after tricking someone into downloading free music or movies, for example.

“The vulnerability of a company depends on several different factors, but ultimately on the strength and reliability of its email security strategy,” says Dave Wreski, founder and chief executive of Guardian Digital. “Single-layered email defences, like those in Microsoft 365 or Google Workspace, are not equipped to defend against cyber attacks. Many companies fail to implement cyber security best practices that should start with phishing and ransomware protection.”

Boiled down, in the immediate aftermath of a cyber attack, a company’s security team needs to know what to do in order to maximise the chances of quick detection and minimise potential damage to systems and operations.

Immediate measures

Drilling down, amid the uncertainty and confusion following a cyber attack, those responsible for a company’s security need to take immediate measures to minimise both access and damage to the organisation’s systems and operations.

According to the AmTrust guidance ‘Cyber Attack: What to Do After a Security Breach’, companies should consider three main steps, as outlined below.

First, contain the breach. While a company may be tempted to delete everything after a data breach occurs, preserving evidence is critical to assessing how the breach happened and who was responsible. The very first step a company should take after a breach is to determine which servers have been compromised and to contain them as quickly as possible to ensure that other servers or devices will not also be infected.

Second, assess the breach. If a company is the victim of a broader attack that is affecting multiple businesses, it should follow updates from trusted sources charged with monitoring the situation to make sure it knows what to do next. Whether a company is part of a broader attack or the sole victim, it will also need to determine the cause of the breach within its specific facility so it can work to help prevent the same kind of attack from happening again.

Third, manage the fallout. It is important to communicate with staff to let them know what has happened. Define clear authorisations for team members to communicate on the issue both internally and externally. It is crucial they remain on the same page. A company may also need to consult with legal counsel to figure out the best way to let its customers know about the breach.

“The primary step is to immediately contain and isolate the critical systems and temporarily suspend all the systems after discovering the attack to help stop the spread of the attack to all critical networks,” adds Mr Wreski. “Look for any strains of ransomware or malware on the affected systems and isolate them from the main network immediately.

“Also, change the passwords of all accounts to help mitigate the risks,” he continues. “You should also report the cyber attack to customers, clients and law enforcement immediately after it happens.”

Shape of things to come

Regardless of how large or small a company is, every business is at risk of a cyber attack or data breach. Moreover, if important information is exposed, recovery is likely to be difficult, especially amid evolving and increasing cyber security incidents.

“Cyber security will continue to be shaped by companies’ increasing need to secure their networks, data, devices and identities,” contends Mr Wreski. “This includes security frameworks such as zero-trust, artificial intelligence (AI) and migration to the cloud.

“AI will play a big role in helping industry keep up with the threat actor community,” he concludes. “I also expect that challenges with the talent gap not being filled will continue, that banking moving entirely to digital will lead to increased financial fraud, and that we will see more infrastructure attacks, such as what happened with Colonial Pipeline.”

Clearly, experiencing a cyber attack can be an incredibly stressful and intense time for any company. However, while little can be done to alleviate the overall stress engendered by a breach, a thorough understanding of incident response techniques provides key advantages – a sound defence at a time when every second matters.

© Financier Worldwide


BY

Fraser Tennant

