Six essential steps to build digital resilience and protect your business from cyber-attacks
Published: 11th July 2023
Cyber-attacks are no longer a possibility, but a common and sophisticated reality. Across the UK, around a third of businesses and charities reported being victims of cyber-crime in the last 12 months, according to the latest Cyber Security Breaches Survey. The cost is also rising sharply: the cost of a data breach in the UK rose 8.1% in 2022 to an average of £4.56 million.
As security professionals we are all at the forefront of this battle against cyber-crime. We recently discussed the basic defences you need to protect yourself and your business. Here we will focus on the foundations of strong cyber defences: digital resilience.
The consequences of poor digital resilience are stark. Without the plans and procedures in place to minimise damage and disruption, you face greater financial losses, brand harm and operational disruption. What’s more, class actions following a data breach aren’t limited to the US. British Airways faced claims in the UK following their breach, and 85% of in-house lawyers interviewed recently said that data breach was the area most likely to give rise to class action or group litigation.
The consequences are grave, but they are also avoidable with proper preparation.
Step 1: Identify and Prioritise Critical Assets
Start by carrying out a comprehensive assessment to identify and prioritise your critical assets. Take stock of all the applications, systems and processes that make your business tick. Then, prioritise based on their significance and potential impact on operations. By identifying these crucial assets now, you can direct your resources and efforts towards protecting them before they fall over.
Step 2: Create an Incident Response Plan
Establish a dedicated incident response team now, drawn from across the business. Define clear roles, responsibilities, communication channels, and sign-off responsibilities. This will save you precious time in the event of a cyber-attack. Craft well-documented incident response procedures and workflows, ensuring that every member of your team understands the part they will be expected to play.
It may sound basic, but the benefits of a simple plan can be profound. Take the example of the Surgical Safety Checklist that was launched by the World Health Organization (WHO) back in 2008. This simple, single-page checklist was found to reduce deaths and complications by more than one-third and has saved countless lives. Taking the same simple approach to help your team to focus in the event of a breach can be similarly transformative.
Step 3: Create Playbooks for Major Incident Types
We’re all faced with too much to do and not enough time, so prioritisation is key to success. Identifying common incident types that pose a significant threat to your organisation will help you spend your time most wisely. Develop detailed playbooks that outline predefined response actions for each incident type. Continuously review and update these playbooks based on emerging threats and industry best practices. Remember, the ability to respond to specific threats swiftly and effectively can make all the difference in minimising the impact of an attack.
Step 4: Identify and Train Your Incident Response Team
Your incident response team must be carefully assembled and equipped with the necessary skills. Identify individuals with diverse expertise and assign them to your incident response team. This should be a cross-functional team bringing together people from:
- IT and Security: these members will be the core of the overall incident response team.
- Project Managers: these members can come from various departments. They should be focussed on keeping track of the response, timelines and next actions.
- Marketing and Communications: you will need to work with your communications colleagues so that they can manage internal communication, external media outlets as well as affected customers and supply chain members.
- Legal representation: can be in-house or external to manage the legal requirements and implications of the incident and your response.
- Executive sponsor: a single point of contact for escalation and sign-off.
- External consultants: you may very well require a third-party expert in incident response and forensics to support you, and you should know now who you would call.
Once you have the team together, you’ll need to provide comprehensive training on procedures and the technologies in place to detect, respond and remediate attacks. Then, you should conduct regular drills and simulations to sharpen their readiness and foster a culture of continuous improvement.
Step 5: Test Your Plan
When it comes to digital resilience, theory alone is not enough. Design realistic attack scenarios based on known threats and vulnerabilities. Simulating real-time incidents in-house or using professional penetration testers will allow you to evaluate the effectiveness of your response plan. Execute these tests meticulously, taking note of the strengths and weaknesses that emerge.
Step 6: Create a Brief and Constructive Report
Document the outcomes and key lessons learned from the testing phase. Identify areas for improvement and update your incident response plan accordingly. Share this report with relevant stakeholders and executive leadership, fostering a culture of transparency and collaboration. Don’t shy away from the weaknesses or minimise the shortfalls. Instead, make sure you resolve issues before they are tested for real.
Take these 6 steps now and you won’t regret it.
By embracing a well-crafted strategy and meticulous incident response plan, you can prepare against the inevitable cyber-attacks and minimise their impact.
There are no guarantees you won’t suffer a breach, but you can guarantee you’ll handle it better. At a recent Red Helix event, former combat helicopter pilot Sarah Furness spoke on how to prepare for a crisis and described the need to “Train Hard, Fight Easy” when she addressed a room of senior cyber security specialists. The point she was making applies equally to helicopter pilots and security professionals: if you do the hard work now, you can guarantee you’ll respond better when faced with a crisis.