Last week’s Ransomware attacks were a salutary lesson in what happens when basic steps aren’t taken. Basic computer hygiene, like patching Operating Systems and Applications; isolating vulnerable machines and installing up to date Anti-Virus will prevent most ad-hoc and opportunist malware like the WannaCry ransomware but the reality is that it’s really difficult to prevent a well-crafted bespoke attack. So what can be done when your network has been infected despite having all the basic protections in place?
Although the details will change dependant on the type of infection, the basic steps are fairly constant and in simple English are to find out what’s happened, stop it spreading, get rid of it making sure it won’t happen again then restore operations. Identifying exactly how all of this will be implemented is detailed in an Incident Response Plan.
Writing one is part of the basic computer hygiene steps every organisation should undertake. There are a whole slew of organisations that publish guides detailing what needs to be done. Particularly good ones are the US National Institute of Science & Technology’s (NIST) Special Publication 800-61 Computer Security Incident Handling Guide from which our graphic was taken and the various guides from the SANS Institute including their ‘Incident Handling Process for Small and Medium Businesses’ and their ‘Incident Handler’s Handbook’.
Once you have written your Incident Response Plan, tailored it to your own business, ensured you have the appropriate skills and personnel and then practiced putting it into effect, recovering from even a serious security incident will be achievable. It will still be painful but it can be done. Statistics suggest that 60% of businesses which get attacked and don’t have an Incident Response Plan will go out of business within 6 months whilst 70% of businesses with a well-practiced plan will survive.
If you don’t have a Cyber Incident Response Plan yet, then you really should think very hard about getting one now. Because another thing that WannaCry taught us is that it’s not if, it’s when.