Cyber Response Plans

Understanding Cyberattacks

According to the World Economic Report of 2018, the global risk landscape puts extreme weather events as most likely to occur in 2018, finally knocking cyber-attacks off the top spot.

However, you would be forgiven for thinking that cyber is still at the top: it seems to be in the news daily, and weather events aren’t common to all countries.

Cyber is still a new concept to most professionals and organisations as, in general, many haven’t been personally affected. It is likely that you’ve got a connection with someone who has, though, and it’s that which seems to capture people’s attention.

Regardless of whether it’s in 4th or 10th place on the report, you should never become complacent and assume that it will never happen to you. No matter how great your IT security measures or your IT team are, they become out of date very quickly in this fast-paced world we live in. Humans have been able to create technology that can put up defences against natural harm a million times quicker than natural evolution can provide them.

The idea of a cyber-attack is a global phenomenon and younger than most people’s children. There’s always a hacker somewhere in the world looking to be the next great thing, looking to beat your defences. This is what makes them so dangerous to all organisations, including the Defence Forces.

Cyber hackers are usually part of an anonymous network where users are provided rewards (whether financial or of a title) to hack certain challenging environments. There is nothing more powerful behind an attack than someone trying to prove a point.

Resource on this: Cyber: Not just an IT Issue.

Planning for the unexpected and accepting that it might just happen to you is critical. You must know what your next challenge could be.

A Structured Cyber Response

A cyber attack can cause disruption to business operations just like any other IT-related outage: loss of power, cut fibre, a water leak in the room above your data centre (it still happens); the list goes on. The difference with cyber is that it all too often becomes public, and the impacts to business reputation increase exponentially. This is often outside the responsibility of the IT team, and a strategic response is necessary. Your response team needs to act fast through the following 4 phases:

  1. Identify: Is this really a hack, or a system or human error?
  2. Contain: Stop further damage, isolate the threat.
  3. Eradicate: Clean up the problem, backup restores.
  4. Recovery: Get back to business as usual, repair the reputational damage.

If you haven’t already got one, we would recommend developing a Cyber Security Incident Management Procedure, which should be used by your Cyber Incident Response Team (CIRT) to respond to a cyber event. As a minimum, we would recommend that your CIRT is made up of the following roles:

  • CIRT Manager
  • IT Security Technical Lead
  • Communications
  • IT Response & Recovery Coordinator (Infrastructure)
  • IT Response & Recovery Coordinator (Applications & Related data)
  • External:
    • Forensic Analyst
    • Forensic Investigator

A clear escalation policy should be established in your procedure to give your strategic-level response early warning, so that it can prepare for the likely reputational, financial and legal impacts of a more severe cyber-attack.

The evidence is there: organisations must prepare for a cyber attack and accept that it is now “not just an IT issue”.

Till next time, Plan, Do, Check and Act….
