United States: The Anatomy Of A Cyber Attack: Prevention, Response And Postmortem (Part 1 Of 6)

PREVENTING A CYBER ATTACK (Part 1)

Cyber-attacks can impact any business regardless of size, sector, or level of cyber security. The best way to minimize damages from a cyber-attack is to plan ahead and prepare for a possible attack. Forward thinking can minimize damages and shorten the process of recovery from a cyber-attack. The following suggestions are important steps that every business should take to prepare for a cyber-attack.

1. Identify the Crucial Assets and Functions

When determining how to secure a business against cyber-attacks it is important to first identify what parts of a business's operation are most vital to its success. These components should receive the most attention to ensure that the business is able to function as close to normal as possible during an attack. For example, if communication with clients is the key component of a business's operation, its ability to send and receive email would be the most important segment for protection. Additionally, if a business's core strength is its ability to store and retrieve data, the security surrounding the business's data storage system should receive the most attention. Once the business's core operations have been identified, attention can be focused accordingly.

2. Create an Response Plan

A business should plan the steps that it will take once a cyber-attack occurs on its system. By creating an Response Plan before an attack occurs organizational leaders are able to address all possible responses and discuss different options without the external pressure of an existing cyber security threat. It should provide clear directions and action items for each individual involved with the plan. The Response Plan should be discussed and explained to any employee who may be impacted by it. It is important that the plan be routinely modified and updated as business assets and key personal change. Testing the plan by using a fake cyber-attack will allow the deficiencies in the plan to be exposed and corrected before a credible threat occurs. The Response Plan should include the following items:

• the responsibilities of each individual involved with the Response Plan;
• how individual involved with the Response Plan should be contacted;
• which business operations should receive the most attention during an attack;
• the procedures to determine if clients should be notified of the attack;
• the procedures for notifying law enforcement or cyber security support; and
• the ways to preserve evidence of the cyber-crime for law enforcement.

3. Install Appropriate Technologies and Services

Businesses should purchase and install the appropriate level of defense systems that fit its needs and supports its Response Plan. These systems may include off-site data backup, data loss prevention systems, devices for traffic filtering, and programs to detect intrusions. These technologies should be routinely tested as part of the Response Plan.

4. Obtain Authority for Network Monitoring

A business is typically allowed to monitor its own network if it has obtained prior approval from the network users. This can be accomplished by a "banner" or warning message when users log onto the network stating that it is being monitored. Consent can also be obtained during employee training programs and disclosures in the organization's Employee Manual. Once a business has the authority to monitor its own network, it is more equipped to detect and respond to cyber incidents in real time.

This is part one of a six-part series discussing the best practices to prevent cyber-attacks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.