You have firewalled off the network and encrypted the data. You have delivered the training and analyzed the threats. Now that your organization has taken measures to prevent a cyber incursion, how will it respond when a virtual disaster strikes?
And they will strike. Despite an organization's best-laid plans, cyber attacks happen. No security plans are 100 percent effective; so just as organizations need to embed preventative measures, they must also give thought to the specific actions they will take following a digital incursion.
To be fair, reaching an optimal balance between securing one's systems and designing an iron-clad incident response program can be a challenge. That's where securing the right intelligence, industry partnerships, and an informed post-incident strategy can increase the odds of survival.
The minutes, hours, and days following a cyber attack are critical. It's in these stressful moments, however, where threat intelligence can bring clarity to chaos and give organizations a head start in their incident response strategy.
What is threat intelligence? It's about having the tools and expertise to identify what makes your organization a target for cyber threat agents, where they are most likely to strike, and what they are most likely to do. With these insights at the ready, organizations can predict threats, determine the best defensive strategies, and react quickly in the aftermath of an event.
Intelligence is power, but it's nothing without action. When a cyber event strikes there are several things an organization can do to land on its feet.
Remember that the way in which you communicate during these times will also determine how quickly you will recover and your reputational damage. To that end, be crystal clear in what you know, what you don't know, and what you are doing to resolve the situation.
Sharing information: Industry leaders and public-sector agencies are coming together in defense of cyber attacks. Canada's Communication Security Establishment has a tool that organizations can install to identify malware and share that information with government agencies, who then passes that knowledge along to others. The RCMP has a similar program that collects incident data and shares lessons-learned with critical infrastructure providers. Consider linking to these partners and peers within your industry to share knowledge and build a united front.
Imagine waking up the morning after a cyber attack to find your organization has made the front page. Now imagine what you would like that headline to read. Will it be about a company that has been hacked but has a plan in place to mitigate the damage, or one about a company that was caught off guard and is now scattering to form a strategy?
Naturally, you would choose the former; and that requires a strong incident response plan, informed by accurate threat intelligence, and tested consistently by all members of the organization. Herein, conducting regular tabletop exercises, conducting ongoing security control assessments, and learning from past events can keep your incident response plan up-to-date and ready to respond to virtually anything that comes your way.
After all, disasters can – and will – happen. And it's in those dire moments after a cyber attack where having access to the right partners, resources, and a proven plan of action can clear the way to recovery.