[BreachExchange] A step through guide on how to mitigate a cyber-attack

Audrey McNeil audrey at riskbasedsecurity.com
Mon Mar 12 21:04:20 EDT 2018


https://www.scmagazineuk.com/a-step-through-guide-on-how-to-mitigate-a-cyber-attack/article/747439/

The possibility of a cyber-attack is one of the most common and serious
dangers that an IT department faces. Taking precautions to minimise the
threat is clearly crucial. Yet still, many have the misconception that
they're either too small or not interesting enough to be targeted. It's
worth remembering though, anything of a high value to you has value to your
attacker, as they can steal it and hold it for ransom.

Advancements in hacking techniques and methods have made it more
challenging to pre-empt these attacks. But by creating a
cyber-incident-response plan, organisations can at least be prepared. This
plan should encompass three stages: starting with prevention, it should
also include how to handle a breach and how to move forward in the
aftermath.

1) How to prevent a cyber-attack
Education plays a vital part in preventing cyber-attacks. All employees
within an organisation should be aware of the signs of a possible attack,
not just the IT department. It makes life a lot easier if staff can spot a
potential cyber-attack before it happens.

For example, in a whale phishing attack, criminals will take the time to
pin-point a senior employee, such as a CEO or a financial director, and
then impersonate them. They will send e-mails requesting sensitive
information from members of staff. These scamming emails can often be
recognised by subtle factors, such as the use of an irregular font or a
different tone of voice in the language used. Whale phishing emails are
most readily identified by checking the e-mail address they were sent from,
which often has a small variation from the address used by the person they
are trying to imitate.
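
The sender-address check described above can be automated at the mail gateway. The following is an added example, not part of the original article; the executive directory, the sample headers and the distance threshold of 2 are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed directory of senior staff to protect (assumption, not from the article).
EXECUTIVES = {
    "Jane Doe": "jane.doe@example.com",
    "Raj Patel": "raj.patel@example.com",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, max_distance: int = 2) -> str:
    """Classify a From header as genuine, lookalike, name-spoof or unrelated."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    display = " ".join(display.lower().split())
    # An exact match with a known executive address is accepted first.
    if addr in EXECUTIVES.values():
        return "genuine"
    # A near miss (one or two character edits) is the "small variation" case.
    for real in EXECUTIVES.values():
        if 0 < edit_distance(addr, real) <= max_distance:
            return "lookalike"
    # An executive's display name on an unrelated address is also suspicious.
    if display in (name.lower() for name in EXECUTIVES):
        return "name-spoof"
    return "unrelated"

# Constructed sample headers for illustration.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e.com>",
    "Raj Patel <raj.patel@exarnple.com>",
    "Jane Doe <jdoe.ceo@mail.example.net>",
    "Newsletter <news@vendor.example>",
]

def scan(headers):
    """Return (header, verdict) pairs for every header that is not genuine or unrelated."""
    verdicts = ((h, check_sender(h)) for h in headers)
    return [(h, v) for h, v in verdicts if v in ("lookalike", "name-spoof")]
```
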

Cyber-criminals are constantly changing their hacking techniques, however,
and this means user education has to be delivered regularly for it to be
effective.

Beyond education, companies must be protected on a technical level. Making
sure that your anti-malware software is effectively protecting your files
and data is a clear must. Without this protection, a malicious attack, such
as ransomware, could easily infiltrate your network. The cyber-attack on
the NHS last year was a high profile example of how malware can have severe
consequences. By updating your anti-malware software on a regular basis,
you decrease the chances of these attacks significantly.

2) What to do if an attack takes place?
Regardless of the precautions you take, it is highly likely attacks will
happen – and despite your best efforts, they may succeed. However, by
having a strong and detailed response plan ready, you'll be able to start
mitigating the damage immediately. This playbook should cover all areas of
an attack, and should include details of who to contact. A cyber-attack
must be reported to ActionFraud, a division of the police which
specialises in cyber-crime.

Your plan should also cover public reporting. Any breach can have a major
reputational impact on the business, so it is important to have an internal
and external comms strategy in place. Trust in a company can be completely
shattered if it chooses not to report the breach to clients, employees and
connected organisations. It can be hugely damaging if this news is released
at a later date, especially by a third party.

3) The aftermath of an attack
Once the initial crisis has been resolved, it's important you make sure
your organisation is doing all it can to avoid a repeat event. Working out
exactly how the cyber-attack occurred is vital. A misconfigured web server
or overly permissive web proxy setting are just some of the possible
causes. After determining the cause of the attack, you should obviously fix
the problem but you should also take measures to prevent it from happening
again.

When analysing the attack, also identify ways to strengthen those areas of
your company that have been affected. This can range from reinstalling
compromised systems from known, good media to potentially restoring data
from backup. It is extremely important that a company gathers a vast amount
of information from the attack and that the findings are delivered into a
company security policy.

You should identify which areas of your infrastructure were weak enough for
an attacker to target. This assessment can highlight which areas need
improving and how this can be achieved. The results may suggest that
management processes need rethinking or that staff security training needs
improving.

A business impact assessment will then enable you to present your findings
to senior managers, who can then discuss which steps would be best to take
to reduce the risk of future attacks.

The prospect of a cyber-attack on any organisation can be very daunting.
However, if you have the processes, contacts and a strong response plan at
the ready, the situation can be dealt with much more effectively.