This blog post is part of a series of cyber incident top tips; the full list appears at the end of the post.
Imagine you’re in the middle of a suspected cyber security breach. Your retained cyber security experts (which you should have in place) advise you to shut off your Internet connection(s) immediately. But do you have the guts to ask for forgiveness rather than permission? You could end up being the hero or the one out of a job. To play it safe, you escalate the issue to the appropriate levels of management. Depending on the day, time, and availability of key management, this process could take hours or even days.
Hackers, however, move much faster than this, and ransomware is everywhere…
Even after obtaining the necessary permission, are the required administrators available? During one of our incident responses, the customer’s firewalls were outsourced to a global provider, who ‘helpfully’ said they could respond ‘within the three-day firewall change SLA’. This situation required a three-minute response. Luckily, we were already on-site and could step in.
The Importance of Pre-Authorised Actions
The key takeaway here is the necessity of pre-authorised permissions for individuals within your organisation who possess the right knowledge and understanding to instigate an Internet disconnect. Additionally, it’s crucial to have personnel available who have the access and skills to execute this action promptly.
Steps to Prepare for Rapid Response
- Retain expert support: Ensure you have cyber security professionals on retainer who can provide immediate advice and support during a suspected cyber breach. These experts can recommend effective containment strategies based on real-life risks they have previously encountered. Their experience in successfully stopping ransomware attacks through tested containment methods can be invaluable in protecting your organisation.
- Pre-authorise key personnel: It is important to identify and pre-authorise individuals who are knowledgeable and capable of making the decision to disconnect from the Internet without having to wait for management approval.
- Ensure availability: Make sure that you have a reliable on-call system in place so that you know your authorised personnel and administrators are available around the clock.
- Regular drills and training: Conduct regular drills and provide continuous training to ensure that everyone knows their role and can act swiftly in the event of a cyber breach.
Real-Life Implications
The real-life implications of these preparations are significant. During an incident, every second counts. Having pre-authorised permissions and available, skilled personnel can be the difference between quickly mitigating a cyber threat and suffering extensive damage.
By ensuring that your organisation is prepared to disconnect quickly, you can significantly reduce the impact of a breach. This proactive approach is crucial in maintaining cyber security resilience and protecting your organisation’s critical assets.
Need Some Help?
For more detailed advice and support on setting up these protocols, contact us today. We can help tailor a response strategy that ensures your organisation is ready to act decisively and effectively in the face of cyber threats.
This blog post is part of a series of cyber incident top tips. You can view them all below:
- Tip 01: Taking advantage of ransomware’s biggest secret!
- Tip 02: Securing your backups from vulnerabilities
- Tip 03: Beware of automated response dangers!
- Tip 04: The importance of disconnecting yourself during a breach
- Tip 05: How to integrate your anti-virus protection with SIEM
- Tip 06: Ensure that your insurance covers cyber incidents
- Tip 07: Preparing for the worst – rebuilding after a major ransomware attack
- Tip 08: Who you should call first during a cyber breach
- Tip 09: Hold onto the evidence – why securing system logs is essential for cyber incident response
- Tip 10: What you need to know to make sure your penetration testing is effective
- Tip 11: Why tabletop exercises are crucial for incident response
- Tip 12: Famous last words – misconceptions before a major cyber breach