Cyber preparedness and response work hand-in-hand
Here are three main areas of preparedness companies should focus on to successfully recover from any cyber event.
When an organization is alerted that it has been the victim of a cyberattack, time is of the essence. The next few steps could either quickly secure the company from further damage or dig a deeper hole towards destruction.
While cybersecurity continues to challenge organizations across all industries and of all sizes, it is important for leaders to turn their attention to both preparedness and response. These two work hand-in-hand, and oftentimes, the cornerstone of a successful cyber incident response is anchored in preparedness.
There is a stark difference in the response to various types of cyber events. For example, a data breach response has a different path towards recovery than a ransomware one. Overcoming a data breach can typically focus on notification of those impacted while closing the point of entry of the hacker and pivoting to credit monitoring. Meanwhile, responding to a ransomware event will likely involve forensic investigation, remediation, and restoration/recovery efforts involving system backups. No matter which path is taken, it is nearly impossible to have an effective response without adequate preparedness.
Three areas of focus to strengthen resilience
Now is the time to get prepared. When looking ahead to the remainder of 2021, ransomware is showing to be one of the greatest cyber risks. Ransomware events are on the rise and are not expected to slow down in 2021 — in frequency or complexity — according to the Sophos 2021 Threat Report. While planning for all cyber risks is important, it is crucial for companies to expect to be a victim of a ransomware attack, even if they think it is extremely unlikely.
To successfully recover from any cyber event, a company’s focus should be on these three areas of preparedness.
No. 1: Technical
Ensure the organization has the proper security controls in place to identify and defend against an attacker. Putting security controls in place, such as next-generation anti-virus, endpoint detection responses and firewalls, can often reduce the impact of an attack. Additionally, proactively segmenting a company’s system can help with response and recovery time, as the attacker will likely be unable to take down the entire system in one attack.
No. 2: Response
Once a company realizes it has had a cyberattack, the first steps should be clearly laid out – who to call, who to alert, and how to triage the situation. To ensure all areas are covered and considered, it is important to have a prepared, detailed list that will smoothly lead to a quick recovery process. For example, privacy counsel, forensics and an insurance carrier should be a few of the calls early on. Companies can then turn their heads towards recovery and restoration of systems and resuming business operations. All of these steps take detailed planning to ensure careful execution.
No. 3: Testing
One of the most critical steps in planning is in testing. By testing response plans, organizations can clearly see where the areas of improvement might be in the recovery process. It will show the consequences of poorly planned steps and reactions — those that could lead to more damage, more expenses and more business interruption. Proper testing of response plans can shed light on whether a company’s planning efforts will be successful or catastrophic to its operations.
While most people know the basics of what can happen with a cyberattack, the details of the threat — like all aspects of cybersecurity — are constantly evolving. The tools, tactics and procedures used by attackers continue to change. A well thought out, planned and prepared response is key. Know your organization’s strong points as well as its shortfalls, ensuring its preparedness is as strong as its response.
Brian Robb is an underwriting director and cyber industry leader at CNA. Robb is responsible for product development and underwriting strategy within CNA’s Cyber and Technology E&O underwriting operation.
Related: