A new report by BSI's Cybersecurity and Information Resilience division stated that 73% of organisations are worried about security. However, one in six have no plan in place, and a third conduct no type of security testing.
We hear about cyber-attacks almost every day in the news. With the rate of cybercrime increasing, businesses are now asking the question of ‘WHEN’ not ‘IF’ a cyber-attack will occur.
Hackers are continuing to find new ways to exploit their next victim and a persistent intruder can be hard to keep out. Fortunately, there are ways you can prepare your staff for a cyber-attack and to help minimise the damage done. Remember, a cyber-attack will cost you more than your money - your reputation is on the line too.
Interested in finding out about Cyber Security best practices? Download our FREE White Paper >>
-
Practice drills
Carrying out a cyber-drill is one of the best ways to prepare. It enables you to enact procedures in real action and helps you to identify where the gaps in your current plan are. We practice every other drill such as a fire or intruder that might happen in the workplace, so why not cyber-drills? Rehearsals and drills are a part of life, yet many choose not to practice one of the top business risks in today’s digitally connected society.
There are many tools in the present day that simulate an attack, allowing you to review results and take action. Here are some simulation tools to consider:
- Infection Monkey – An open source tool where an automatic attack simulation can be run for things such as credential theft, misconfiguration and compromised assets. It gives a free report and allows organisations to test their infrastructure if they’re running in the Cloud.
- Threat Cop – As a flagship product of Kratikal, it is a security attack simulator and awareness tool. It provides real-time simulation of all the latest cyber-attacks targeted to the people of an organisation and then allows analysis to improve employee vulnerability scores on a regular basis.
- Knowbe4 – A platform for security awareness training and simulated phishing tests which focus on the problem of social engineering. Organisations are able to select a phishing template and landing page, then after the simulation users are shown which red flags they missed. Within 24 hours a PDF is emailed which provides stats and charts to share with management.
Having a well thought-out plan that has been practiced will give your staff experience in dealing with an attack, helping to mitigate the potential damage. In a recent blog we speak about the do’s and dont’s after a cyber-attack. You can read more about what to do if your business is hacked here.
-
Dedicate an incident response budget
The financial costs of a cyber-attack are expensive and can have a serious effect, especially on smaller businesses. One of the main factors that plays a major part in the rise of costs is the length of the attack- the longer it takes, the more expensive it gets. New data has revealed that in 2018, businesses experienced a downtime average of 67 minutes per attack, and each successful attack costed over £140,000, which worked out at an average cost of £2,140 per minute!
When an attack happens, there will be aspects that you may need to pay for. This could include funding external specialists or paying the ransomware demands. An incident response budget that is only used in the event of a cyber-attack will enable you to promptly and effectively respond in the best way possible.
-
Stay Informed
Each of the different types of attack require a different response, therefore, it always pays to stay up-to-date with what’s happening the cyber world. To do this take time to go to security focused events and subscribe to mailing lists for information.
Furthermore, keeping up with the latest threats will mean that you can anticipate the likely threat you will face. Attackers are constantly evolving and the type of attack or way it happened a month ago could be completely different to the one you face. You will want to have a clear understanding of attacks and be well prepared when one occurs.
-
Train staff
You are only as strong as your least informed employee. Attackers will have been eagerly looking at what employees have weak passwords or who will fall for a phishing or social engineering when they carry out the breach. Go to the effort of informing your employees on the procedure they would need to follow if this were to happen.
Interactive training sessions are great for educating employees on cyber security best practices. They get employees involved and passionate about what they’re learning about and create a team atmosphere. Consider getting an outsourced professional in to carry out the sessions as they are able to give additional expertise on attacks.
Having your employees aware of your procedures and policies will help them feel prepared in the event of an attack. To keep them informed, look at getting regular emails sent out or posters put up around the office.
-
Consider an outsourced team
While you may want to keep your security team based in-house, having the additional support of an outsourced team can be beneficial when an attack happens. They have not only faster response times and a larger budget but can offer additional insight and experience. Cyber-security jobs are also in massive demand, so being able to find a ‘pro’ in-house to deal with your security and attacks can be difficult and costly. End-to-end security monitoring services are a viable option for businesses without massive budgets.
If your business were to be hit by a cyber-attack tomorrow, would you and your staff be prepared?
Why not take the next step and read our Cyber Security White Paper? You can download it here >>
