Security Think Tank: Strategies for surviving a cyber attack

What key things should organisations be doing in terms of cyber defences to ensure they are resilient?

The reach and severity of recent cyber attacks, such as WannaCry and NotPetya, have prompted many organisations to seriously consider their ability not only to resist an attack, but also to survive one.

The first step is to know where the risks lie and to map your attack surface so that it can be defended and, where possible, reduced. Knowing the risks allows you to implement targeted controls and processes to mitigate attacks, rather than spreading effort evenly across everything.

A key requirement is to educate all staff about how they can be targeted and to give them guidance on how they can contribute to business resilience. This education can be built up gradually, beginning with something as simple as asking staff to double-check any email that is not written in the sender's usual style – especially if it asks for money – by confirming the request with the sender through a separate channel rather than by replying to the email. Phishing remains one of the most frequent types of attack, and phishing emails are becoming more sophisticated and harder to detect.

It is just as important to prepare for when an attack has happened. The main aim should be to keep the business going; the second priority should be to restore the organisation to its “pre-attack” state; and thirdly to apply lessons learned to improve resilience against the next attack.

Doing this efficiently involves preparation and having adequate procedures in place, including realistic rehearsals and exercises. Most organisations already rehearse for other risks: fire drills, for example, work precisely because they make the scenario as realistic as possible.

Similar techniques can be effective in minimising the impact of cyber attacks. Everything should be tested and rehearsed, including incident management plans, restoring from backups and rebuilding servers. Restore drills also confirm that the backups are actually usable and were kept beyond the reach of the attack; a backup that has never been restored is an untested assumption.

In the event of an attack, organisations need trained people from across all business functions ready to work together to fix the problem as quickly as possible. In addition to the IT and security teams, this should include PR teams ready to communicate publicly and deal with any incoming queries.

The C-level function must be ready to handle stakeholder queries, and the legal team should be considering any legal implications or risks. This is a business issue, not just a technical one, and warrants management as such.

All of the above steps need to be repeated, tested and updated regularly. Doing so lets the organisation respond calmly and confidently, and gives it the best chance of limiting the damage and consequences to the business.

This was last published in September 2017



1 comment


We have encountered those malicious files too: first at the beginning of the year, and the second time came later on. Both NotPetya and WannaCry were handled by our Cyberbit-provisioned protection array; unfortunately, our response rate was not as satisfying, and because of that we had some of our data corrupted.