Fail to Plan – Plan to Fail.

Even with the best training and security in place, it is still likely your organisation will need to deal with some sort of cyber incident. Studies have shown breaches can take months to discover, so it is vital to have a procedure in place to ensure a speedy resolution. It is also key to make sure these procedures are reviewed regularly and whenever there are any significant changes in your business, and that they are communicated clearly at all levels of your business. An example of this necessity can be seen in the shift to homeworking during COVID-19 and how companies had to adapt their approach to cyber security.

‘Dwell time’ is the length of time that a breach or malware goes undiscovered, and it is a serious issue in cyber security. During this time the hacker has access to the system and can do damage. If you don’t monitor your system for anomalies or record the right data, this time frame can increase.

Another approach is to start ‘threat hunting’: proactively investing time in investigating possible threats to see how they play out, then using these lessons to respond in real time to potential threats as they arise.

Another dimension to dealing with threats is to have a comprehensive incident response plan in place. This will mean you are able to deal with any incidents efficiently and without stress. It can also dramatically mitigate any losses you may incur, so it is important to invest time in developing and testing this plan.

There are several questions you need to consider when putting together a response plan:

What is your worst case scenario?

How quickly would you begin to lose revenue in the event of an incident?

How would you deal with a data breach? Who would need to be notified? Do you know your responsibilities under GDPR?

How will you find out what has happened? Do you have your own IT team? Do you outsource this work?

A trucking company suffered a ransomware attack in which cyber criminals encrypted all of its data files and requested a ransom of $9,920. The hackers had encrypted all of the data the company required to run its operations, including routes, logistical information, contacts, and stock levels.
Rather than pay the ransom, the company set about reconstituting data from paper records and its employees’ knowledge of day-to-day operations. The extended outage of its systems and the consequential impact on operations resulted in a large amount of overtime costs and loss of business income.
