The reach and severity of recent cyber attacks, such as WannaCry and NotPetya, have prompted many organisations to seriously consider their ability not only to resist an attack, but also to survive one.
The first step is to know where the risks lie and build up ways to cover your attack surface. Knowing the risks allows you to implement targeted processes to mitigate attacks.
A key requirement is to educate all staff about how they can be targeted and to provide guidance on how they can contribute to business resilience. This education can be built up slowly, beginning with something as simple as asking staff to double-check an email that is not written in the usual style the sender uses – especially if it involves money. Phishing emails are becoming more sophisticated and harder to detect, and remain one of the most frequent types of attack.
It is just as important to prepare for when an attack has happened. The main aim should be to keep the business going; the second priority should be to restore the organisation to its “pre-attack” state; and the third should be to apply lessons learned to improve resilience against the next attack.
Doing this efficiently involves preparation and having adequate procedures in place, including realistic rehearsals and exercises. Most organisations have risk management procedures, such as fire safety drills, that help make the scenario as realistic as possible.
Similar techniques can be effective in minimising the impact of cyber attacks. Everything should be tested and rehearsed, including incident management plans, restoring backups and rebuilding servers.
In the event of an attack, organisations need trained people from across all business functions ready to work together to fix the problem as quickly as possible. In addition to the IT and security teams, this should include PR teams ready to communicate publicly and deal with any incoming queries.
The C-level function must be ready to handle stakeholder queries, and the legal team should be considering any legal implications or risks. This is a business issue, not just a technical one, and should be managed as such.
All of the above steps need to be repeated, tested and updated regularly to ensure a calm and confident stance, as well as providing the best opportunity of limiting any damage or consequence to the business.