Ten Steps to Prepare for Cyber attacks

Cyber attacks, such as ransomware, continue to cause difficulties for businesses globally, occasionally bringing them to a near total standstill. Countering this is an ongoing race between, on the one hand, the sophistication of the tools used and the attackers' skill in deploying them and, on the other, companies' attempts to defend their systems and their preparations for how they will respond if an attack occurs. Companies that take their eye off the ball can easily fall behind in this race and suffer the consequences.

Ransomware attacks used to be limited to the locking of a company's computer systems by encryption software and a ransom demand for the key to unlock them, but not anymore. Over recent years attacks have evolved, and the theft of sensitive company data, along with the locking up of computer systems, is now very common. The combination of the carrot of regaining access to vital systems and the stick of the threat of public embarrassment, or worse, through the release of data if the ransom is not paid, serves to multiply the pressure on the companies that fall victim to attacks.

Companies continue to be vulnerable to cyber incidents due to, amongst other factors, poor employee education on phishing or social engineering attacks and a lack of system recovery and contingency plans.

Whatever the size of an organisation, a risk-based approach is required. Some sector-specific help is available. For example, registered social housing providers and many public sector organisations can take advantage of the National Cyber Security Centre's free "Web Check", which helps find and fix common security vulnerabilities in the websites that they manage. The NCSC also has a wealth of technical and practical advice available from its website.

Whilst it can seem daunting, here are ten steps to consider, which will help organisations defend against attacks and prepare for the worst:

  1. Asset Management and Integrity Monitoring: Companies should know what data and systems they have, and establish an operational baseline for those systems. This will help with risk-based patching and updates as well as being able to identify files that have been changed and by whom.
  2. Vulnerability management: Cyber criminals often take advantage of out-of-date software and unpatched systems. Keeping your systems protected throughout their lifecycle mitigates ransomware risk.
  3. Data security: The technology and cyber security landscape is constantly evolving and organisations need to ensure that good cyber security is baked into their systems and services from the outset, and that those systems and services can be maintained and updated to adapt effectively to emerging threats and risks.
  4. Detection: Detection tools, such as intrusion detection and malware detection, help to proactively identify potential ransomware or other data integrity events.
  5. Logging and monitoring: Designing systems to allow robust logging that is consistently monitored helps with both proactive detection and investigating an incident, such as what the attackers have accessed.
  6. Back-ups: Up-to-date backups are the most effective way of recovering from a ransomware attack. Offline backups that are kept separate from an organisation's network and systems, in a different location (ideally offsite) or in a cloud service, are important, as is ensuring they are not permanently connected to the network.
  7. Employee training: Many successful attacks start with an employee or other service provider being tricked by phishing or social engineering attempts. Training is vital in helping people spot these. All companies should collaboratively build security that works for people in their organisation.
  8. Incident management: The immediate aftermath of an incident can be chaotic and stressful. A well thought-out incident response plan saves time and avoids important steps being overlooked. Once an incident response plan is developed, many companies undertake “tabletop exercises” where decision-makers play out cyber incident scenarios and assess the effectiveness of decisions, procedures, and communication strategies.
  9. Incident response providers: Knowing in advance which technical experts and data protection/cybersecurity lawyers you will turn to reduces delays when decision-makers need to make critical decisions. Experts will also often assist in responding to and containing the incident.
  10. Prepare for notification and disclosure obligations: The notification and record-keeping requirements that can arise from a cyber incident are complicated, and companies can benefit from advance planning. A breach notification obligation to the Information Commissioner’s Office and individuals (and potentially other regulators depending on the sector) can be required even if stolen data is returned. The mere unavailability of personal data can also sometimes trigger breach notification obligations.

Winckworth Sherwood’s data protection team is available for advice on these steps and related issues. Please contact Chris Garrett for an initial discussion.
