[BreachExchange] Security Think Tank: Strategies for surviving a cyber attack

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 5 20:13:09 EDT 2017


http://www.computerweekly.com/opinion/Security-Think-Tank-Strategies-for-surviving-a-cyber-attack

The reach and severity of recent cyber attacks, such as WannaCry and
NotPetya, have prompted many organisations to seriously consider their
ability not only to resist an attack, but also to survive one.

The first step is to know where the risks lie and build up ways to cover
your attack surface. Knowing the risks allows you to implement targeted
processes to mitigate attacks.

A key requirement is to educate all staff about how they can be targeted
and to provide guidance on how they can contribute to business resilience.
This education can be built up slowly, beginning with something as simple
as asking staff to double-check an email that is not written in the usual
style the sender uses – especially if it involves money. Phishing emails
are becoming more sophisticated and harder to detect, remaining one of the
most frequent types of attack.

It is just as important to prepare for when an attack has happened. The
main aim should be to keep the business going; the second priority should
be to restore the organisation to its “pre-attack” state; and thirdly to
apply lessons learned to improve resilience against the next attack.

Doing this efficiently involves preparation and having adequate procedures
in place, including realistic rehearsals and exercises. Most organisations
have risk management procedures, such as fire safety drills, that help make
the scenario as realistic as possible.

Similar techniques can be effective in minimising the impact of cyber
attacks. Everything should be tested and rehearsed, including incident
management plans, restoring backups and rebuilding servers.

In the event of an attack, organisations need trained people from across
all business functions ready to work together to fix the problem as quickly
as possible. In addition to the IT and security teams, this should include
PR teams ready to communicate publicly and deal with any incoming queries.

The C-level function must be ready to handle stakeholder queries, and the
legal team should be considering any legal implications or risks. This is a
business issue, not just a technical one, and warrants management as such.

All of the above steps need to be repeated, tested and updated regularly to
ensure a calm and confident stance, as well as providing the best
opportunity of limiting any damage or consequence to the business.