Cyber security: Are you prepared?
Tom Mullen, O2’s Head of cyber security, considers what steps organisations should take to ensure they are prepared for when a cyber attack happens.
In my previous posts we have considered the role that your employees play in cyber security, how to recruit effectively, and also how to ensure that your IT Team is fit for purpose. We need to recognise, however, that cyber attacks are becoming more frequent and sophisticated, and your organisation’s threat, intelligence and response teams need to be ready to roll out at a moment’s notice. The UK government’s own 2018 Cyber Security Breaches Survey makes worrying reading, with 65% of medium and large businesses identifying cyber security breaches in the last 12 months.
Of more concern is that just 28% of all businesses have any sort of incident response or business continuity plan in place. So what does being prepared mean in practice? Here are five things to consider.
- Have an incident response plan
Do you have an incident response plan in place? If you were attacked overnight tonight, are you confident that your people would know what action is required to take control of the situation? You need a detailed, step-by-step plan that states who is responsible for each step:
- Who will make the decision to shut down critical systems until the danger has passed?
- Who will make sure that every employee is aware of what is going on and takes the appropriate action? What about remote and field workers?
- How will you communicate any service outage to customers and the wider public? Do you have appropriate PR effort ready for such a situation?
- Who will bring backup systems and processes online?
- Who do you have to notify: ICO, OFCOM or other regulatory bodies?
There is no room for ambiguity here. Your incident response plan should detail what will be done and by whom, ensuring that every conceivable situation is catered for with as simple a process as possible.
- Implement ways to communicate effectively
I’ve mentioned in previous posts that I don’t believe that email is an effective communication tool for delivering urgent security messages. It doesn’t matter how many red flags you attach, or how much bold or capitalised text you use, emails just don’t get opened quickly enough.
At O2 we use a number of applications to distribute security messages around the organisation quickly. For example, we raise awareness of current threats using a collaboration and communication app called WorkPlace.
How you communicate is only part of the story. With a cyber attack or security breach you also need to establish straight away who needs to be informed. A fully prepared organisation has a list of who needs to be notified, in order of priority, ready and waiting. This will start with your customers but will also include your management team, employees, as well as the wider business community that might be affected.
Timing is critical, and your PR team should be actively monitoring your social media channels for early warning of a problem. Spreading the word once an issue has been resolved is just as important. Your productivity losses, missed sales and bad publicity will be minimised if you have a plan in place to keep people informed and updated with what you are doing to resolve a problem.
- Practise what you will do in the event of a cyber attack
These days cyber attack drills are as straightforward to undertake as fire drills. A drill will identify areas where your team needs additional training, and will expose weaknesses in your security that can be strengthened. There are a number of software applications available that will simulate a cyber attack convincingly, allowing your IT and security experts to roll out the response plan you have put in place. It’s a lot safer to identify gaps in your plan as part of a practice drill than to wait for the real thing.
There are other fundamental procedures that need regular testing and practice. For example, I have worked with several organisations who performed regular, comprehensive backups of data and applications, yet seldom tested them to make sure they had completed successfully, or practised how they would use them to restore operations in the event of an attack.
- Stay up to date
The strategies employed by cyber attackers evolve constantly, and you have a responsibility to ensure that your security people stay abreast of new trends and vulnerabilities. The National Cyber Security Centre (NCSC) publishes regular, up-to-date advice and information on malicious cyber activity, available to all. They have also published a report on the cyber threat to UK business, which you can access here. If you understand the types of attack you are likely to face, you will be better prepared to take the appropriate corrective action.
- Consider outsourcing cybersecurity
At O2, we help organisations with their security needs. As part of the Telefónica Group, we’re at the forefront of cybersecurity research and development and we are supported by a global security network. Our Cyber Security services start with CAS(T) accredited networks, as well as solutions from leading security vendors that we can package into managed services, providing you with bespoke insight and minimising the risk from cyber threats. We help you to:
- Understand the risks and threats that are specific to your organisation
- Identify who might want to harm your organisation and why
- Establish the most likely ways your security might be attacked
So how prepared are you? You can find out more about ways we can help here.