Time to add a cyber incident response plan to your business plan
This time of the year is a boom time for cyber criminals. Consumers are shopping and transacting more. Shopping Web sites experience higher traffic volumes and process more payments than usual. Companies’ security teams can often be understaffed or unprepared for the influx of spam and malware doing the rounds. Employees are also more likely to work remotely, which often includes using unsafe connections to access company networks, like mobile hotspots or public WiFi. These factors make it a great time for perpetrating cyber crime.
“Cyber crime and fraud usually spike this time of the year, running into the January lull, and companies should not drop their guard with regard to security. Consumers and companies must be more vigilant over this period. Cyber criminals can target customers to steal sensitive information. For companies, the efficiency and swiftness in responding to breaches over the festive season are important for business continuity as they enter into the new year,” urges Charl Ueckermann, CEO at AVeS Cyber Security.
He says that as cyber attacks increase in scale and frequency over public holidays and the festive season, when most business-to-business organisations are not operating as usual, cyber incident response plans become more critical to a company’s cyber defences. Poor cyber incident response not only impacts a business’s continuity, it can also alienate its customers.
“Effective cyber incident response planning will place your business in better stead for handling and recovering from cyber incidents, and minimising their impact if they do happen.”
Every company with an online presence, technology systems or e-mail should have well-defined and communicated policies and procedures to follow in the event of a cyber security breach. This aids preparedness. Companies should also have firewalls, anti-malware tools and intrusion detection in place to identify breaches and enable quick, focused responses.
“Containing the breach to prevent further infiltration is crucial following a breach. Procedures for this should be part of the cyber incident response plan. IT security teams could, for instance, take specific sub-networks offline and rely on system backups to maintain operations. During high-frequency times, like the holiday period, containment is especially important. Once contained, threats can be neutralised and systems restored to as close to their previous state as possible,” says Ueckermann.
As part of the recovery phase, the security team will need to validate that the affected systems are no longer compromised and can be restored to working condition. Timelines should be set to fully restore operations and continued monitoring should be implemented to check for any abnormal activity.
“Without an effective cyber incident response plan, which includes specific procedures to follow, it is easy to drop the ball, leading to more damage. Identifying, containing and eradicating threats as soon as possible will help to limit the impact on businesses in a time when no company can afford to have a meltdown.”
Organisations usually move into an “IT freeze” period this time of year to focus on processing incoming commercial transactions. This makes their networks more vulnerable to cyber attacks, because software is not updated and operating systems are not patched in a timely manner. Hackers exploit missing patches within a matter of days, and a proactive approach can help organisations make it difficult for hackers to enter systems this way. Companies can’t rely solely on antivirus software for protection against threats.
“It is especially important to have an up-to-date view of the security posture of your network, know its defence capabilities and the risks to data. A company’s security posture is directly related to the possibility of a cyber incident or breach taking place. The less protection you have in place, the greater your chance is of being hacked and the greater impact a breach will have. It thus becomes imperative to take a proactive or predictive approach and to have early warning systems in place to detect potential cyber incidents. Cyber incident response is not about preventing breaches, but rather containing them to limit the damage. An internal and external vulnerability assessment of your network would be a good idea before heading into the silly season,” advises Ueckermann.
He concludes with six tips for mitigating threats over the holidays and beyond:
- Understand your risk: conduct an internal and external vulnerability assessment to know where the security gaps are in your systems.
- Stay up to date: keep hardware and software protection tools up to date.
- Educate your people: make sure that your employees are aware of cyber security risks, know your company’s policies around security, and understand your cyber incident response processes. Employees need to know how to respond in the case of a cyber security breach. They should know what actions to take.
- Implement a cyber incident response plan: this is key to managing and minimising the damage of a breach.
- Proactive monitoring: keep monitoring your systems to identify potential risks quickly.
- Learn from your mistakes: use your incident response to improve overall security. This should form part of continuous evaluation of the security posture. Knowing where your risks lie and what their impact is, is key.
AVeS Cyber Security
AVeS Cyber Security is a specialist IT Governance & Architectural services consultancy that combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 21 years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the constantly evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. This year (2019), the company won four awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges, such as ransomware, advanced targeted attacks and the Internet of Things. The awards include Kaspersky’s Africa Partner of the Year 2019, ESET Regional SMB Sales Champion 2019, ESET Product Champion 2019, and Symantec SMB Partner of the Year 2019. AVeS Cyber Security also received three new partner statuses, namely, Microsoft Gold Datacentre Partner, DellEMC Gold Partner, and Barracuda Preferred Partner.