How To Prepare For A Cyber Attack
Published (updated: ) in HumanOps, Security.
Originally written for HuffPost.
Cyber security is no longer something that can just be swept under the rug: recent cyber attacks in the UK have shown that no one is immune. The stats are worrying – in 2016, two thirds of large businesses had a cyber attack or breach, according to Government research. Accenture paints a bleaker picture, suggesting that two thirds of companies globally face these attacks weekly, or even daily.
If you run a website, it’s likely you know how prevalent cyber attacks can be in the private sector. Unfortunately most businesses aren’t up to speed with how to mitigate the damage if an attack occurs – in fact, the Government’s 2016 cyber security breaches survey discovered only a third of the firms surveyed has cyber security policies in place, and only 10% had an emergency plan.
This lack of awareness and preparedness is strange, considering a recent pollshows that the annual cost of cyber security incidents to UK companies is over £34bn. It’s not a matter of if, but of when, so read on to learn what your priorities should be when it happens to you.
There’s no predicting when a cyber attack might come, whether it be in the form of a DDoS, a virus, malware, or phishing. It’s therefore important to be constantly vigilant, and prepared for incidents when they do occur.
A key first step is to create a well-structured recovery plan. For example – most people think that making regular backups will suffice, but they often fail to take into account that these backups may be corrupted – a recent example of this was GitLab’s high-profile data loss incident. You should be running regular tests on these backups so that you can restore your systems.
While it may seem self-evident, making a checklist is incredibly helpful. Everyone gets stressed and forgets things under pressure, and suffering from a cyber attack is no different. Every company should have a list of key tasks to undertake during and after an attack, and each of those tasks should have a clear owner. By being prepared, you minimise the risk of unforeseen complications causing further damage.
Test your plan with regular simulations and practice runs. If you can simulate a situation, it’ll be easier for you to react when the time does come. For example, a DDoS attack may begin with a monitoring alert to let you know your application is slow. Your checklist would start with the initial diagnostics to pinpoint the cause, but as soon as you discover it is a DDoS attack then the security response plan should take over. You need to make sure that the on-call team know how to escalate to the security responders, and that those responders have all the tools they need to handle the issue (of course, they may be the same people in smaller teams). This may involve letting other, more senior members of staff know, as well as requesting the appropriate assistance from your security vendors. Your plan should include steps to document everything, assigning responsibilities along the way. Nobody should be unsure of what their job is.
Communication is key. Your response teams should be properly briefed on policies for announcing the problems both internally to the relevant teams inside your company as well as out to customers. Consistent messaging with regular updates is important to avoid confusion. This will prevent a greater loss of trust from your stakeholders and customers.
IT staff are people, too
With the rise of the SaaS products we’ve become so accustomed to being several stages removed from underlying systems we often forget that there are people behind the scenes keeping everything running. Every system, no matter its size, has a group of IT workers who have to deal with security issues at all times, but especially so when the system breaks.
Humans make mistakes. Amazon’s recent AWS S3 outage shows that – swathes of the internet were taken offline due to one programmer’s typo. There’s an unfortunate trend within the developer community to be ‘sysadmin superheroes’, and this is counterproductive. Sysadmins are plagued with stress and fatigue like everyone else, and ignoring this can lead to dangerous situations. Cyberattacks and security issues will place tremendous stresses on your IT workers. This can be counteracted with general awareness campaigns.
Recognising that humans build and fix systems is important for everyone’s wellbeing, and movements like HumanOps can help. Humans are subject to emotions, and it’s important to adapt and adjust expectations on a business level. This should make employees more productive, as well as create an improvement in their work-life balance.
Keeping your website up & more
It may be standard industry policy to focus on basic site uptime as a main metric to assess security, but a cyber attack might be more subtle than simply taking your whole website down.
Website defacement is very common, and it can really affect a company’s reputation. Part or the whole of a website’s content is changed by hackers externally, often with a negative outcome. One recent example is Google Brazil, whose systems were hacked by a single individual early this year. This goes to show that no company is secure in an age when cyber attacks are everywhere.
One way to protect yourself from this kind of attack is by investing in feature-rich monitoring tools. Some tools can tell you more about your page than if it’s up or not – rather, they can tell you when there are changes to pages, errors or even if the site is suddenly being redirected.
A cyber attack can cause a lot of panic, but with these suggestions in place, you should be able to avoid extended downtime and significant financial damage. Having a plan in place will lead the way for what to do in an emergency, as well as reduce confusion. You may not be able to prevent a cyber attack, but you now have everything in your hands to survive one.