Insights | Integrity360

Don’t Panic! - How a rushed response to a cyber-attack can make things worse

Written by Matthew Olney | 25 October 2022 08:30:00 Z

Panicked responses to a cyber-attack can often result in a race against risk that leads to rash and costly actions. 

Take a step back and think 

If your organisation falls victim to a cyber-attack, the natural response is to take urgent action to ensure that it doesn’t happen again. This can lead to the hasty purchasing of ineffective and expensive products or services that claim to be the solution to all your problems. 

The risk then becomes that the leadership of said organisation now believes that they’re safe from a future breach, a dangerous attitude to have and in some cases by buying up a load of products in haste you may in fact increase your exposure to cyber threats.  

With cyber crime and the tactics used by hackers constantly evolving, an organisation must also keep their knowledge of threats and defences current and updated. The foundations of any effective cyber security strategy are the policies and processes that help an organisation understand how it can best protect itself from cyber threats. This is where Cyber Risk and Assurance services come in.  Utilising the expertise of Integrity 360's experts can help businesses achieve a wide variety of results through methodical cyber risk assessments that look at risks from every angle, including digital and physical. 

Smaller organisations and those that don’t have the budgets to implement costly security measures or recruit cyber specialist roles will struggle and the promise of a fix-it-all (the mythical silver bullet) will be particularly tempting. The cyber skills shortage plays a major role in how an organisation can respond to attacks. A lack of cyber security specialists can result in wrong decisions being made that can make a situation worse. MSSPS are the answer to this key issue in the industry and organisations unsure or unable to implement effective cyber security should take advantage of them. 

Buying multiple security tools can harm a response 

If your business does suffer a breach, then you may be tempted to rush out and buy multiple security products in the mindset that the more security tools I have the safer we will be. This unfortunately is often not the case and can even prove harmful to the incident response process.  

As Integrity360’s Incident Response Manager Patrick Wragg explains; “Having multiple security tools such as firewalls in place doesn’t make a business 100% secure. In one incident we responded to the organisation that had been breached was using firewall from two different security companies. One firewall was covering 70% of a network the other 30% all well and good you may think but when it came to finding out how the attacker got in it was difficult to build a picture due to shifting through the logs of two different firewalls. It was a very time-consuming process and difficult at times.”  

Having clear visibility over your network is vital in being able to respond to an attack quickly. If you know how and where your data goes in and out of your network, you can react to a breach quicker and respond more effectively.  

Make a plan 

Instead of panicking and potentially making a costly and ineffective purchase of the latest cyber security gizmos you should take a step back and formulate a plan so that the next time an incident occurs you can handle it in a calmer and more organised way. 

According to the UK government’s Cyber Security Breaches Survey 2022 the number of businesses with an incident response plan in place is just 19% and only 39% of respondents said that they have assigned roles in the event of an incident.  

In contrast, businesses show a clear reactive approach when breaches occur, with 84% of businesses saying they would inform the board, while 73% would assess the attack. 

Having a plan in place can greatly reduce both the stress and damage caused by cyber-attacks. 

Think of your cyber hygiene as you would your dental hygiene. Brush your teeth every day, don’t wait until the damage is done and you won’t be needing the (expensive) dentist’s treatment. 

What should be considered? 

Develop policies and procedures that - 

  • Help employees understand how they can prevent incidents and identify security threats. 
  • Identify the financial and information assets that are important to your business and the technology that you rely on. 
  • Identify risks to those systems and the steps needed to lessen them. 
  • Ensure that everyone knows their roles before, during and after an incident. From the CEO to the marketing team, most people have a role to play in mitigating the damage. 
  • Ensure that only those people that need it have access and permissions to sensitive data and systems i.e. Zero Trust policies.  

Cyber security assessments and regular cyber security testing are key to understanding where you are most vulnerable and where you should spend your budgets.  

Integrity 360 provides assessments and testing that quickly and cost effectively highlight areas where immediate action can achieve demonstrable benefits to an organisation’s security posture.  

Our experts assess the threats to an organisation and create bespoke programmes of testing to simulate the most likely ways that it will be attacked allowing the assessment of the effectiveness of an organisation’s current (if they have any) policies, people, processes and technology. 

Contact us today to learn more about our Cyber Risk and Assurance Services.