By Vijay Bharti, Vice President & Head of Security Services, Happiest Minds.
Given the rising frequency of increasingly malicious and innovative cyber-attacks organisations have to be prepared and proactive. It is no longer a question of 'if' but 'when' your organisation will have to deal with a cyber-attack.
The cost of a cyber security breach is significant—in terms of money, business disruption and reputation. Depending on the magnitude of the attack, a cyber incident can potentially put you out of business.
According to UK government research, two-thirds of UK big businesses have been hit by a cyber attack in the past year. UK telecoms group Talk Talk suffered a high profile attack in October 2015 when hackers stole personal data from customers. According to Talk Talk, the cyber attack it suffered wiped £15 million off trading revenue as well as forcing it to book exceptional costs of £40m - £45m, and losing it up to 101,000 customers.
The best course of action for a business that is attacked is a swift and effective response. A cyber security strategy with efficient incident response (IR) capabilities coupled with customer engagement initiatives helps limit the damage and ensures that the business is back up and running as soon as possible. It's also important to reach out and engage with customers following to regain customer confidence.
An effective IR strategy navigates the following five phases:
Information on events is collected from various sources such as intrusion detection systems and firewalls, and evaluated to identify deviations from the normal. Deviations are then analysed to check if they are sufficiently significant to be termed an event. The use of automation tools ensures swift detection and eliminates delays in moving to the next phase, containment. Once a deviation is identified as a security incident, the IR team is immediately notified to allow them to determine its scope, gather and document evidence, and estimate impact on operations. Businesses can bolster this process by incorporating an effective security information and event management (SIEM) system into their overall cyber security strategy.
Once a security event is detected and confirmed, it is essential to restrict damage by preventing its spread to other computer systems. Preventing the spread of malware involves isolating the affected systems and rerouting the traffic to alternative servers. This helps limit the spread of the malware to other systems across the organization.
This step focuses on the removal of the malware from the affected systems. IR teams then conduct an analysis to find out the cause of the attack, perform a detailed vulnerability assessment, and initiate action to address the vulnerabilities discovered to avert a repeat attack. A thorough scan of affected systems to eradicate latent malware is key to preventing a recurrence.
In the restoration stage, affected systems are brought back into action. While bringing the affected systems back into the production environment, adequate care should be taken to ensure that another incident does not occur. Once these systems are up and running, they are monitored to identify any deviations. The main objective is to ensure that the deficiency or the vulnerability that resulted in the incident that was just resolved does not cause a repeat incident.
This is the last step and entails a thorough investigation of the attack to learn from the incident and initiate remedial measures to prevent the recurrence of a similar attack. IR teams also undertake an analysis of the response to identify areas for improvement.
Protect your organisation from attack
What enterprises need now are effective cyber security solutions to monitor and provide real-time visibility on a myriad of business applications, systems, networks and databases. There has been an increasing realisation that basic protection tools for important corporate information are no longer sufficient to protect against new advanced threats. Furthermore, enterprises are under tremendous pressure to collect, review and store logs in a manner that complies with government and industry regulations.
Countering focused and targeted attacks requires a focused cyber security strategy. Organisations need to take a proactive approach to ensure that they stay secure in cyber space and adopt a robust cyber security strategy.