FEATURE
Ensuring that businesses are properly prepared to react to a cyberattack , and to secure assets and data afterwards , is entirely dependent on the proactive steps businesses take in advance so they can respond to such an incident quickly and efficiently .
This is why businesses must have an incident response plan in place , detailing how they should respond to cyberattacks . This plan should have complete buy-in across not only the cybersecurity or IT divisions , but the entire company from marketing and sales to the CEO and Board , if applicable .
This is crucial in businesses of all sizes to ensure that everyone is reading from the same hymn sheet should the unthinkable happen . Knee-jerk reactions to a cyberattack , both internally and externally ( to customers , partners , stakeholders and the press ), can do far more damage than a carefully considered approach .
Evidence that organisations may have already suffered a cybersecurity incident
Businesses , dependent on their size and internal cybersecurity capabilities , should look – or engage their Managed Security Service Provider ( MSSP ) – to analyse whether they are suffering from any of the following lapses in security , which may indicate that a cyberattack is imminent or already in progress :
• Does the business have open , atrisk ports , such as remote desktop protocol ( RDP ), authentication and datastore ports ?
• Is there evidence of outbound traffic to known malicious infrastructure ?
• Is the business being targeted by known IPs that are associated with ransomware ?
the following steps cover the basics – and more – of how to best respond to an incident .
1 . Preparation
This begins with fully preparing for a potential cyberattack . Businesses need step-by-step guidance to define how incident response teams will manage incidents , including internal and external communications plans and incident documentation .
A proactive approach is crucial in ensuring all departments of all organisations in a supply chain are ready .
The adage that a business is only as secure as its weakest link – in this case , the business within its supply chain with the weakest cybersecurity practices – should be front of mind . As internal security becomes more secure , an organisation ’ s supply chain often becomes the weak link . Supply chains are the vendors that are connected to an organisation ’ s network .
How to secure your business in the event of an attack
If an organisation detects that the above anomalies are taking place , they should follow the six steps below to develop an incident response plan . There are multiple frameworks in circulation , but
James Tamblin , BlueVoyant UK President www . intelligentciso . com
37