Managing a cyber attack is crucial to your business

Cyber security is becoming increasingly important to all of us, and it’s especially crucial in the workplace, where ComputerWeekly estimates that cyber attacks cost UK business more than £34 billion last year.

According to a 2015 UK Government-commissioned survey, 90 per cent of large corporations and 74 per cent of small businesses suffered a security breach. It placed the average cost of a cyber-security breach for large businesses at £1.46 million-£3.14 million, and at £75,000-£311,000 for SMEs.

Variants of malware – programs intended to cause harm – appear at a rate of one million per day. Risks range from a virus infecting an entire system to the theft of confidential information. And 70-80 per cent of attacks now come through email and email attachments, explained cyber security expert Cedric Leighton, adding: “You’re going to be attacked.”

But while cyber attacks are pretty much a fact of life these days, there’s much you can do to reduce their impact when one happens to you. Be prepared and act quickly with these seven simple tips:

Seven steps to cyber attack survival

1. Have the right insurance in place for your business

Information Age says it’s essential to act quickly and comprehensively when a breach is discovered to protect your business from greater liability. Effective insurance isn’t just there to cover any losses resulting from a cyber attack; it will also ensure your business is supported by cyber experts, who will provide support and/or manage the following measures, which need to be taken simultaneously when an attack happens:

2. Mobilise the incident response team

If you don’t have one, create one with representatives of all relevant internal stakeholder groups: technical, HR, employees, intellectual property (IP) and data protection experts, and public relations. Include your external software and network providers if you outsource these functions. If you are insured against cyber attack, your insurance company should also be involved as it will manage damage limitation and provide essential guidance. 

3. Secure systems and ensure business continuity

This could mean isolating or temporarily suspending a compromised section of your network or even the entire network. In the long run this will be less disruptive and potentially less costly than ignoring the attack and letting it spread.

But don't just remove malware from an infected machine and consider the attack over, says DarkReading.com executive editor Kelly Jackson Higgins in her article ‘What not to do in a cyber attack’. “Malware is just a symptom of the attack. The biggest mistake organisations make when they start to respond to an attack is to shut down the infected machine in hopes of preventing any further spread of malware.”

Typically, she says, shutting the machine down alerts sophisticated hackers that they’ve been spotted, and they can hide, sometimes for months, before resuming their attack. So leave the infected machine online, but block it from accessing the Internet and isolate it with a virtual local area network (VLAN) or a firewall. This keeps the network connection enabled and on, but the infected system is no longer a danger to the rest of the network.
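The firewall option described above can be sketched as follows. This is an added example, not part of the original article: it builds a first-match quarantine policy, checks sample flows against it, and renders it as an nftables forward chain. It assumes the gateway runs nftables; the addresses, the table name and the function names are constructed for illustration.

```python
import ipaddress

def quarantine_rules(infected, responders):
    """Ordered first-match rules (src, dst, verdict); None means 'any'."""
    host = ipaddress.IPv4Address(infected)         # raises ValueError on bad input
    allowed = [ipaddress.IPv4Address(r) for r in responders]
    if host in allowed:
        raise ValueError("infected host cannot also be a responder")
    rules = []
    for r in allowed:                              # responders keep access for forensics
        rules.append((r, host, "accept"))
        rules.append((host, r, "accept"))
    rules.append((host, None, "drop"))             # no Internet, no lateral movement
    rules.append((None, host, "drop"))             # nothing else reaches the host
    return rules

def verdict(rules, src, dst):
    """Evaluate one flow against the rules; unmatched traffic is untouched."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for rs, rd, action in rules:
        if rs in (None, s) and rd in (None, d):
            return action
    return "accept"

def render_nft(rules):
    """Render the rules as an nftables forward chain for the gateway."""
    out = ["table inet quarantine {", "  chain forward {",
           "    type filter hook forward priority 0; policy accept;"]
    for rs, rd, action in rules:
        match = []
        if rs is not None:
            match.append(f"ip saddr {rs}")
        if rd is not None:
            match.append(f"ip daddr {rd}")
        if action == "drop":
            match.append('log prefix "quarantine "')   # record blocked attempts
        out.append("    " + " ".join(match + [action]))
    return "\n".join(out + ["  }", "}"])

if __name__ == "__main__":
    # Constructed sample addresses: infected host and one responder workstation
    rules = quarantine_rules("10.0.5.23", ["10.0.9.10"])
    print(render_nft(rules))
```

A forward chain on the gateway only sees routed traffic, so machines on the same subnet as the infected host are not protected by these rules alone; that is the gap the VLAN move covers. The logged drops also give the investigation a record of what the infected machine keeps trying to reach.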

4. Conduct a thorough investigation

To establish the facts surrounding the breach, its effects and remedial actions taken, your organisation needs to appoint an investigation lead and make sure they are appropriately resourced. Points to consider are labour laws if there is potential employee involvement and regulatory requirements if applicable. Information Age says investigations in practice ‘are usually iterative: further lines of enquiry will become apparent as the circumstances surrounding the breach become clearer.’

5. Manage public relations

Not all security breaches will become public, but for many it will be inevitable – for example, where customers' personal data has been compromised and is in the public domain, or where the relevant data protection legislation requires the affected individuals to be notified. Accuracy, openness, honesty and timeliness are important in any announcements.

Kelly Jackson Higgins says that not keeping breaches secret can actually work in your favour. In an information void, people make up their own stories. And a survey by The Economist Intelligence Unit found that two-thirds of executives believed a well-handled response to a breach, in this climate where they’re inevitable, can actually boost an organisation’s reputation.

6. Address legal and regulatory requirements

You should pay particular attention to data protection regulations and their requirements to report breaches to the relevant authority and individuals.

Kelly Jackson Higgins also recommends sharing intelligence about the attack with other organisations. That means not just passing the location of a bad domain to other organisations in your industry or group, but also providing real attack information to help others improve their understanding.

7. Incur liability

Regulatory liability often results from cyber security breaches and can be substantial in sectors such as financial services. Under the UK Data Protection Act, the current maximum fine is £500,000.

Litigation over cyber security breaches can also lead to liabilities. In 2014, almost 1,640,000 credit and debit card records from online holiday firm Think W3 were stolen. The Information Commissioner’s Office (ICO) described the incident as a "staggering lapse" and fined it £150,000.

But along with the liability incurred through legal action, a company might take on non-legal liability as a consequence of a cyber attack. For example, if customer credit card details have been compromised, your organisation might choose to offer those affected complimentary credit screening.

So, even though a cyber breach is considered inevitable, says Cedric Leighton, we can make it harder for cyber attackers by not becoming complacent with IT or training. “We’re all in this, just by turning on our computers and devices. That’s why it’s important to know how to protect ourselves and act quickly in the event of an attack.”