Melatonin for IT execs: cyber attack response planning

Being woken up in the middle of the night to your company being hit by a ransomware attack is an ongoing nightmare for many executives. However, like the teenagers in A Nightmare On Elm Street, for some IT execs, the nightmare is real! The recent spate of high-profile cyber attacks serves as a good reminder to organisations that they must always be ready for threats, as the decisions they make in the seconds, minutes and hours following a breach will carry long-term operational and regulatory consequences that will impact their bottom line and business reputation. It is therefore essential that organisations have the right procedures and solutions in place to respond to cyber attacks rapidly and effectively.

Today’s cyber landscape is haunting dreams

Australia has recently witnessed devastating ransomware attacks on household-name companies, which has resulted in millions of individuals’ data being stolen. However, this is no surprise as Australian organisations are experiencing ransomware attacks well above the rate we are witnessing globally. Eighty per cent of Australian organisations were hit with ransomware in 2021, up from 45% in 2020. By comparison, 66% of global respondents experienced a ransomware attack in 2022.

Cybercriminals are continuing to deploy stealthy, human-led techniques to conduct their attacks, often choosing to attack businesses overnight or on weekends when there is typically less human surveillance. Investing in cyber insurance is not enough to counter out-of-hours attacks. Insurance companies have become more particular about providing coverage as they won’t cover an organisation if it’s not taking adequate measures to prevent an attack in the first place.

The average cost to recover from a ransomware attack in 2021 was AU$1.61 million, with Australian organisations taking on average one full month to recover from an attack. On top of financial damages, attacks can also lead to reputational damages, decreased customer trust and other longstanding issues. For organisations, ensuring threats are responded to efficiently and adequately is imperative to ensuring they don’t reach this point.

You can’t just ‘wing it’

Active attacks can quickly become overwhelming, especially when occurring out of hours as it can be complicated and stressful to manage multiple vendors, stakeholders and deployment tools. If an incident response plan is not implemented, it is difficult for leadership to understand the severity of an attack and navigate the roles and responsibilities throughout the mitigation and recovery process. That is why it is important for businesses to have an incident response plan that is developed well in advance, practised and revised regularly.

A proactive response allows organisations to evaluate different response protocols through continuous testing, mock scenarios and tabletop exercises. This practice is pivotal to an organisation responding efficiently and calmly to an inevitable cyber attack.

It also gives stakeholders the opportunity to build internal alignment and decide on integrating outsourced managed detection and response (MDR) solutions. Outsourced MDR ensures incidents are less likely to occur in the first place, and with 24/7 threat scanning, it offers immediate identification and mitigation of attacks no matter when they occur.

Taking the right steps to cyber attack responses

Planning an incident response after an organisation has suffered a cyber attack is pointless. Every organisation is a target in this current cyber landscape; so, it is important for organisations to develop incident response plans with a range of factors in mind to achieve robust internal alignment and streamlined collaboration:

Stay agile. Keep in mind that some aspects of an incident response plan require a flexible approach. Even with robust planning in place, organisations need to be prepared to adapt to new threat evolutions and to adjust incident response plans accordingly.

Prioritise cross-team collaboration. Cyber attacks affect all aspects of an organisation, so teams including finance, legal, marketing, PR and IT need to be involved in decision-making and risk assessment.

Maintain good IT environment hygiene. Ongoing maintenance of IT environments minimises the likelihood of incidents occurring. Organisations should routinely check security controls and address any unpatched vulnerabilities, like open remote desktop protocol (RDP) ports.

Keep a hard copy of the incident response plan. Organisations need to hold a physical copy of their incident response plan in case they are hit by ransomware and digital copies of the plan are encrypted.

Leverage MDR specialists with incident response experience. Even experienced internal security teams benefit from MDR operations teams with extensive industry knowledge. These providers are well versed in the specific threats organisations face and know how to respond swiftly and effectively. They can also fill the resource gap generated by the need to monitor operations 24/7.

As cyber threats continue to evolve in complexity, more organisations will wake up to a cyber attack nightmare. It is vital that the correct approaches are taken early and an efficient and well-orchestrated incident response plan is implemented so threats can be quickly addressed and mitigated. Think of it as a dose of melatonin so you can sleep well every night.

Image credit: iStock.com/miodrag ignjatovic