Research carried out by cybersecurity experts ramsac indicates that human error is responsible for at least 90% of cybersecurity breaches, meaning businesses must do more to protect themselves against cybercrime.
Unfortunately, around 20% of businesses still don’t have any form of cybersecurity training in place for their staff and rely only on readily available security features, such as anti-virus software, to hinder criminals. As businesses continue to be victimised by more sophisticated attacks, such as phishing scams and malware, it’s clear greater measures are needed. So, it’s worth asking yourself, is your business vulnerable to a cyber-attack? The answer is more likely yes.
What steps do businesses need to take when a cyber-attack has happened?
Before a cyber breach even happens, it’s worth assessing the risks affecting your company and setting up an Incident Response Team to ensure the issue can swiftly be isolated and resolved. Your Incident Response Team (IRT) must consist of key stakeholders within your business as well as either your IT provider or IT department, as they are vital for isolating the attack.
Live or ongoing cyber-attacks that are serious must be reported as a matter of urgency to the National Cyber Security Centre (NCSC) and Action Fraud as they are considered criminal acts. They’ll offer additional support and specialist advice to assist during the response and mitigation stages. Here are the steps you’ll need to take if your business is going through a cyber-attack:
1. Initial assessment of the breach
With your company’s IRT in place, they’ll carry out an initial assessment to understand the severity of the attack. This assessment will consider how the threat might impact the organisation. This assessment will answer the following questions:
- What has happened?
- How many people, devices and systems are affected?
- An exact description of the incident and what occurred.
- What is the impact on the organisation?
2. Contain the breach
Simple solutions like disconnecting the internet and immediately changing all affected passwords are the easiest things to do to help contain a breach. It’s best to have either your IT department or IT provider handle this stage, as they are more equipped to deal with cyber-attacks.
3. Investigate the attack
Whatever the cause, your company’s IRT will investigate to determine how the attack started and the full extent of damage faced.
They’ll need to be critical of the situation and start to understand how it might have occurred. Having an IT provider conduct the investigation is ideal as they’re already removed from the situation and can see it with fresh eyes and without bias. As part of their investigations, they’ll work to determine:
- Which staff members or contractors had access to the affected servers?
- How the attack started.
- Who the cyber-attack directly affected? It’s worth noting that customers, vendors and employees must be notified immediately when personal information or service disruption affects them.
- Whether this incident was down to human error or if it was a deliberate and planned malicious attack.
4. Mitigate the risks
With an IRT in place, you should also have backup and restoration plans, such as remote servers, to help minimise any downtime.
The mitigation stage also includes futureproofing your business against further attacks. Any vulnerabilities picked up during the investigation stage will be dealt with to prevent similar incidents from occurring.
5. Communication with stakeholders and customers
As determined by laws and regulations, the IRT will contact anyone directly affected by the cyber-attack. This might include individuals whose personal data has been compromised during a breach. If it’s necessary to do so, the IRT will then take responsibility for reporting the incident to management and authorities, such as the National Cyber Security Centre.
6. Paper trail and documentation
From the initial assessment to the documentation of communication, your company’s IRT will collate every stage and decision made during the cyber breach. This exercise ensures full transparency where decisions have been made earlier on in the attack whilst informing preventative measures later.
After an attack, any decisions and documentation are likely to be heavily scrutinised and will need to be in good standing if legal action is taken against your company.
7. Evidence gathering and handling
No matter the nature of the attack, companies may face legal action from either authorities or those requiring compensation. For companies to demonstrate they made the right decisions and protected any critical business data, they’ll need to accurately reflect this within their documents and risk assessments.
How can you be proactive before a cyber-attack occurs?
As we’ve already determined, cyber-attacks are the biggest threat to businesses across the UK. In 2022, a devastating 480 million personal records were breached due to cyber-attacks. So, how can you be proactive and help prevent a cyber-attack?
1. Invest in a cybersecurity provider
When a cyber-attack occurs, it can be difficult to know the correct steps and stages to follow. Fortunately, this is something that a cybersecurity provider can offer. They’re likely to help you build a strong contingency plan and cybersecurity strategy that actively addresses weak points within your infrastructure whilst also monitoring potential threats.
2. Ensure your servers have remote backup
To continue offering customers continuity of service, especially whilst the threat is dealt with, you’ll need a remote backup option that keeps your business operational.
3. Search for weak points in your workforce
This shouldn’t be a task that penalises any staff members with limited cybersecurity knowledge. Instead, it should be an opportunity for development and internal training. Identifying a need for further education can only strengthen your human firewall.