The Importance of Disconnecting Yourself During a Breach

This blog post is part of a series of cyber incident top tips; you can view them all here.

Imagine you’re in the middle of a suspected cyber security breach. Your retained cyber security experts (which you should have in place) advise you to shut off your Internet connection(s) immediately. But do you have the guts to ask for forgiveness rather than permission? You could end up being the hero or the one out of a job. To play it safe, you escalate the issue to the appropriate levels of management. Depending on the day, time, and availability of key management, this process could take hours or even days.

Hackers, however, move much faster than this, and ransomware is everywhere…

Even after obtaining the necessary permission, are the required administrators available? During one of our incident responses, the customer’s firewalls were outsourced to a global provider, who ‘helpfully’ said they could respond ‘within the three-day firewall change SLA’. This situation required a three-minute response. Luckily, we were already on-site and could step in.

The Importance of Pre-Authorised Actions

The key takeaway here is the necessity of pre-authorised permissions for individuals within your organisation who possess the right knowledge and understanding to instigate an Internet disconnect. Additionally, it’s crucial to have personnel available who have the access and skills to execute this action promptly.

Steps to Prepare for Rapid Response

  • Retain expert support: Ensure you have cyber security professionals on retainer who can provide immediate advice and support during a suspected cyber breach. These experts can recommend effective containment strategies based on real-life risks they have previously encountered. Their experience in successfully stopping ransomware attacks through tested containment methods can be invaluable in protecting your organisation.
  • Pre-authorise key personnel: Identify and pre-authorise individuals who are knowledgeable and capable of making the decision to disconnect from the Internet without having to wait for management approval.
  • Ensure availability: Make sure that you have a reliable on-call system in place so that you know your authorised personnel and administrators are available around the clock.
  • Regular drills and training: Conduct regular drills and provide continuous training to ensure that everyone knows their role and can act swiftly in the event of a cyber breach.

Real-Life Implications

The real-life implications of these preparations are significant. During an incident, every second counts. Having pre-authorised permissions and available, skilled personnel can be the difference between quickly mitigating a cyber threat and suffering extensive damage.

By ensuring that your organisation is prepared to disconnect quickly, you can significantly reduce the impact of a breach. This proactive approach is crucial in maintaining cyber security resilience and protecting your organisation’s critical assets.

Need Some Help?

For more detailed advice and support on setting up these protocols, contact us today. We can help tailor a response strategy that ensures your organisation is ready to act decisively and effectively in the face of cyber threats.
