You may have a business contingency plan in place and be ready to deal with an unexpected event that prevents you from accessing your IT systems. But dealing with a major infiltration of your systems, a significant loss of data, or a ransomware attack would pose different challenges. Would you be able to cope?
The chances are that your organisation already has business contingency and disaster recovery plans in place. As such, you will be ready to deal with a major breakdown or loss of your computers or connectivity, a power failure, fire, flood, or any other unforeseen disaster that results in the loss of access to essential IT and communications systems.
But what about a major infiltration or infection by a virus? A distributed denial of service (DDoS) attack, or a ransomware scam? Any rock-solid business contingency plan today needs to include an incident response procedure that sets out clear, step-by-step processes that can be followed if such an event occurs – because they are going to be just as serious as any natural disaster in terms of loss of access to systems – and almost certainly worse in terms of loss of face and reputation.
Only a matter of time
They are also much more likely to happen – in fact, sooner or later, almost every organisation of any size can fully expect to be targeted by cybercriminals. The recent (2019) Hiscox Cyber Readiness Report, which surveyed cybersecurity professionals at more than 1000 public and private sector organisations in the US, found that 53% reported at least one cyberattack – up from 38% in 2018.
Only 11 percent of firms met the defined criteria that would qualify them as ‘experts’ in terms of their cybersecurity readiness – down from 26 percent the previous year, with 16 percent ranking as ‘intermediate’ and the remaining 73 percent as ‘novice’.
While these findings relate to US organisations, we could expect any similar survey in the UK to deliver very similar results. And they are a little bit worrying. They suggest that the number of cyberattacks is rising and that fewer organisations are prepared for such an attack. It is difficult to explain why fewer firms are defined as ‘experts’ in this respect, but with almost three out of four ranked as being at the ‘novice’ level, there’s clearly a gap between the chances of an attack happening and the readiness of organisations to deal with any such assault.
Getting geared-up to respond
We know that a lot of major organisations were not ready when the WannaCry infection struck in March 2017, but while many or most organisations may have since acted to prevent this kind of malware penetrating their defences, fewer seem to be geared-up to deal with the consequences if that did happen. And of course, there is every chance that, no matter how good your perimeter defences are, one day, an attack will succeed.
Being able to recover from such an incident – calmly, methodically and swiftly – is absolutely vital. Organisations need to resume normal, everyday activity as quickly as possible. This is why an incident response process needs to be in place alongside or as an integral part of any business contingency and disaster recovery plan.
Where to start might be the question any organisation would ask, though. As a first step, we’d recommend looking at the US National Institute of Standards and Technology (NIST) Framework, which sets out standards, guidelines, and best practices for recovery policies and is already used by a wide range of organisations to help inform policy creation and guide best practice.