How to deal with a cyber attack

Managing a cyber attack is crucial to your business

Cyber security is becoming increasingly important to all of us, and it’s especially crucial in the workplace: business internet provider Beaming estimates that cyber attacks cost UK businesses £30 billion in 2016.

Being prepared means investing in up-to-date training for staff, appointing an incident response team, having clear disaster recovery plans, and ensuring adequate cyber insurance is in place. But the reality is an attack is likely to happen at some point - how well a business reacts will determine how damaging it is.

According to a UK Government-commissioned survey, almost half (46%) of all UK businesses identified at least one cyber security breach or attack over a 12-month period. This rose to two-thirds among medium-sized firms (66%) and large firms (68%).

It placed the average cost of a cyber security breach for businesses at £1,570 although that increases to £19,600 for large businesses.

Variants of malware – programmes intended to cause harm – appear at a rate of one million per day. Risks range from a virus infecting an entire system to the theft of confidential information. And 70-80 per cent of attacks now come through email and email attachments, explained cyber security expert Cedric Leighton, adding: “You’re going to be attacked.”

But while cyber attacks are pretty much a fact of life these days, there’s much you can do to reduce their impact when one happens to you. Be prepared and act quickly with these seven simple tips:

Seven steps to cyber attack survival

1. Have the right insurance in place for your business

Information Age says it’s essential to act quickly and comprehensively when a breach is discovered to protect your business from greater liability. Effective insurance isn’t just there to cover any losses resulting from a cyber attack, but will ensure your business is supported by cyber experts, who will provide support and/or manage these measures – which need to be taken simultaneously when an attack happens:

2. Mobilise the incident response team

If you don’t have one, create one with representatives of all relevant internal stakeholder groups: technical, HR, employees, intellectual property (IP) and data protection experts, and public relations. Include your external software and network providers if you outsource these functions. If you are insured against cyber attack, your insurance company should also be involved as it will manage damage limitation and provide essential guidance.

3. Secure systems and ensure business continuity

This could mean isolating or temporarily suspending a compromised section of your network or even the entire network. In the long run this will be less disruptive and potentially less costly than ignoring the attack and letting it spread.

But don't just remove malware from an infected machine and consider the attack over, says executive editor Kelly Jackson Higgins in her article ‘What not to do in a cyber attack’. “Malware is just a symptom of the attack. The biggest mistake organisations make when they start to respond to an attack is to shut down the infected machine in hopes of preventing any further spread of malware.”

Typically, she says, it alerts sophisticated hackers that they’ve been spotted and they can hide, sometimes for months, before resuming their attack. So leave the infected machine online, but block it from accessing the Internet and isolate it with a virtual local area network (VLAN) or a firewall. This keeps the network connection enabled and on, but the infected system is no longer a danger to the rest of the network.
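One way to express the containment described above as firewall rules, added here as an example (it is not from the article or from anyone it quotes): a shell function that prints an nftables ruleset for a Linux gateway the infected machine routes through. The addresses, the `quarantine` table name and the function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: print (not apply) an nftables ruleset that quarantines one
# host at a Linux gateway. Review the output, then load it with `nft -f`.
# Assumption: the gateway routes the host's traffic. Same-subnet traffic
# never reaches it, which is the gap the VLAN move covers. IPv4 only.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# quarantine_ruleset <infected-ipv4> <responder-ipv4>
quarantine_ruleset() {
    host=$1; ir=$2
    valid_ipv4 "$host" && valid_ipv4 "$ir" && [ "$host" != "$ir" ] || {
        echo "usage: quarantine_ruleset <infected-ipv4> <responder-ipv4>" >&2
        return 2
    }
    cat <<EOF
table inet quarantine {
    chain forward {
        type filter hook forward priority -10; policy accept;
        # The responder may open connections to the host for triage;
        # the host may only answer them, never initiate.
        ip saddr $ir ip daddr $host accept
        ip saddr $host ip daddr $ir ct state established,related accept
        # All other traffic to or from the host is logged, counted, dropped.
        ip saddr $host log prefix "quarantine-out " counter drop
        ip daddr $host log prefix "quarantine-in " counter drop
    }
}
EOF
}

# Constructed addresses: 10.0.5.23 = infected host, 10.0.9.10 = responder.
quarantine_ruleset 10.0.5.23 10.0.9.10
```

The logged drops double as evidence for the investigation: every connection the quarantined machine still attempts is recorded at the gateway while the machine itself stays powered on and linked.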

4. Conduct a thorough investigation

To establish the facts surrounding the breach, its effects and remedial actions taken, your organisation needs to appoint an investigation lead and make sure they are appropriately resourced. Points to consider are labour laws if there is potential employee involvement and regulatory requirements if applicable. Information Age says investigations in practice ‘are usually iterative: further lines of enquiry will become apparent as the circumstances surrounding the breach become clearer.’

5. Manage public relations

Not all security breaches will become public, but for many it will be inevitable – for example, where customers' personal data has been compromised and is in the public domain, or where the relevant data protection legislation requires the affected individuals to be notified. Accuracy, openness, honesty and timeliness are important in any announcements.

Kelly Jackson Higgins says that not keeping breaches secret can actually work in your favour. In an information void, people make up their own stories. A well-handled response to a breach, in this climate where they’re inevitable, can potentially boost an organisation’s reputation.

6. Address legal and regulatory requirements

You should pay particular attention to data protection regulations and their requirements to report breaches to the relevant authority and individuals.

Kelly Jackson Higgins also recommends sharing intelligence about the attack with other organisations. That means not just passing the location of a bad domain to other organisations in your industry or group, but also providing real attack information to help others improve their understanding.

7. Incur liability

Regulatory liability often results from cyber security breaches and can be substantial in sectors such as financial services. Under the UK Data Protection Act, the current maximum fine is £500,000.

Litigation over cyber security breaches can also lead to liabilities. In August 2017, the Information Commissioner’s Office fined TalkTalk Telecom Group PLC £100,000 after it failed to look after its customers’ data.

The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. An ICO investigation found employees at an IT services company in India gained unauthorised and unlawful access to the personal data of up to 21,000 customers.

But along with the liability incurred through legal action, a company might take on non-legal liability as a consequence of a cyber attack. For example, if customer credit card details have been compromised, your organisation might choose to offer those affected complimentary credit screening.

So, even though a cyber breach is considered inevitable, says Cedric Leighton, we can make it harder for cyber attackers by not becoming complacent with IT or training. “We’re all in this, just by turning on our computers and devices. That’s why it’s important to know how to protect ourselves and act quickly in the event of an attack.”