Accepting your network will be breached is your first step to implementing a cyber incident response plan

By having a tested and proven cyber incident response plan in place, you can ensure your organisation recovers quickly and efficiently.
According to recent research conducted on behalf of BAE Systems, the length of time since an organisation's most recent known cyber attack is on average nine months, with more than half having experienced a cyber attack in the last year. Statistics like these reinforce the need for a mind-set of 'when' rather than 'if', with organisations accepting that even with the best prepared protection in place some attacks will still infiltrate their systems, and that the focus must then be on cyber incident response.
With the average cost of a cyber attack reportedly at £330,328, and one in every 10 attacks costing up to £1 million, it is also evident that organisations are currently taking a sizeable hit every time they suffer a cyber attack. By having a tested and proven cyber incident response plan in place, you can ensure your organisation recovers quickly and efficiently.
Cyber incidents often start with only very limited information available, but can develop very quickly as more detail is uncovered during the initial assessment. Having staff who can handle an incident as it develops and who know the right questions to ask at the right time is critical. When facing more serious attacks, incident managers and responders will need to keep track of all the information as it comes in and progress the investigation phase of the response, being careful not to jump to conclusions or make assumptions as to what has happened. This is all the more important for incidents that involve a disruption to customer-facing services and/or loss of sensitive personal data, where there will be additional pressures to keep executives, customers, regulators and other third parties regularly informed.

Incidents can quickly evolve

Whilst nearly every incident will be unique in the way it plays out, it still helps to have a concise and actionable cyber incident response plan in place, along with a series of more in-depth playbooks for different classes of incident (e.g. Malware, Denial of Service). These will go a long way to ensuring your staff know what questions to ask and when to make the call to escalate the incident, based on an assessment of known impact and/or further risk to the business.
Incidents can quickly evolve; one minute you're dealing with reports of suspected Malware on a few users' laptops and the next you're dealing with a new variant of Ransomware spreading rapidly across your network file shares, encrypting everything it finds. Similarly, what may start as a Distributed Denial of Service (DDoS) attack on your public interfaces can later become evidence of a 'smoke & mirrors' campaign to distract you from an actual attempt to steal data from within your corporate network. Running regular incident response simulation exercises not only gives assurance that your organisation can respond effectively to such rapidly evolving incidents, but the lessons learned can also tease out some important recommendations that will be a lot easier (and probably cheaper) to implement as part of business as usual!
BAE Systems offers a range of services to help you with incident response, whether it be working with you to develop incident response plans to ensure that they are fit for purpose and tailored to your organisation, or carrying out an independent assessment of your incident response readiness using simulated incident scenarios.
If you think you’ve been a victim of a cyber attack, we can offer a 24/7 cyber incident response service. Contact us on:
Niall McElroy, Cyber Security Consultant 6 February 2017