Cyber security breach – planning for the worst-case scenario
While cyber threat monitoring, assessment and detection have become highly sophisticated, protection still cannot be 100% guaranteed. With this in mind, organizations need to be aware of the risks and prepare themselves for security breaches, so that, should the worst ever happen, they can respond rapidly and effectively.
- Systems and processes must be in place to raise the security breach alarm as early as possible.
- Once alerted, you need to know the steps to take to minimize the damage and deal with issues.
- Staff need to be well trained to overcome security issues as they arise.
How well is your organization prepared for a cyber security Incident?
It’s imperative that organizations rapidly respond and act to resolve issues as soon as a cyber Incident occurs. However, few companies actually prepare themselves by performing an ‘Incident’ drill. Just like a fire drill, it’s about going through the various actions needed to mitigate the impact on your business. Whether the Incident is spotted by your own IT team or by a third party managing your security, the speed of your reaction afterwards is crucial.
By failing to put a plan in place to react to and manage an Incident, things can swiftly get out of hand:
- As the depth of the Incident grows, so does the damage to mission-critical data and systems.
- As the time to respond grows, so does the list of affected areas within your organization.
- Money spent reacting simply adds to the likely cost of service interruption, system recovery, and level of potential compensation.
The more your people know what to do, the faster your reaction time will be. When formulating a plan, you need to consider:
- After an Incident occurs who is equipped to check vital systems?
- How will you assess the extent of the initial damage?
- Is it likely to get worse?
You need real-time intelligence on the Incident, an effective response plan, and your people drilled on how to respond; otherwise you risk wasting time and making the Incident and its effects far worse.
By taking effective action, closing the Incident and then using post-Incident analytics, you can maintain high standards of security at all times, which is critical to protecting your customers and reassuring your stakeholders.
Incident response
• The first thing is to know when an ‘incident’ is actually an ‘Incident’.
1. An “incident” (lower case ‘i’) – minor issues that can be dealt with through triage in the normal cycle of service desk tickets. Or
2. An “Incident” (upper case ‘I’) – major problems that can significantly disrupt what you do without the right preparation.
• Next, and most importantly, you must have a plan of action to follow once an Incident has occurred. This is imperative as, under the new EU General Data Protection Regulation (GDPR) due in May 2018, organizations will be compelled not only to protect people’s data but also to reveal breaches. Those failing to comply with these regulations face stringent fines of up to 4% of global annual turnover for the previous financial year.
Fujitsu’s intelligence-led security approach
Intelligence-led security offers a real-time and predictive way to understand, monitor, and respond to cyber threats. It provides the ability to:
- understand ongoing threats
- self-generate new responses as threats evolve
- reduce the likelihood of further major Incidents
By arming yourself with intelligence about your systems and external threats, you can put in place controls for Incident mitigation. However, should the worst happen and an Incident occur, you will be better placed to understand what is occurring and respond at speed.