THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

Transcription

1 THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

2 03 Introduction 04 Step 1: Preparing for a breach CONTENTS 08 Step 2: Dealing with a breach 10 Step 3: Regrouping after a breach 12 Conclusion 13 A checklist for Directors

3 Continued high-profile data breaches among well-known companies has drawn attention to the critical role that directors play in cyber security. Directors of companies are increasingly aware of these events; however, they are also busy operationally in the business. Assessing the risk, improving the security profile of the company is in some cases consequently completed after a security breach. INTRODUCTION But directors are quickly learning, there is not a one-size fits-all playbook for dealing with serious data breaches. Every incident and every organization is unique. Directors realise that specialist consultancy is required to prepare for and combat cyber attacks. Consider this guide a starting point. It draws on our extensive experience helping companies prepare for and combat cyber attacks. And it provides some best practices to follow for directors that are thrust into the new and unfamiliar role of security leaders. This guide is designed to help you understand and to lead the security plan. The goal: to better protect your company s most valuable assets and minimize the damage to the company and its reputation.

4 STEP 1: PREPARING FOR A BREACH

5 Preparing for a cyber breach should be routinely reviewed by the company. You should be sure that the company understands potential weak points and are aware of the signs that networks or systems may have already been breached. A full and comprehensive discovery of all components should be completed, the result of that discovery being actioned to minimise any future breach. The company should also draw up a detailed incident response plan, outlining amongst other things, who does what when an attack is detected. Discovery starts with a workshop, meeting with key stakeholders to discuss and understand the scope of a discovery engagement. The discovery activity is completed and a risk matrix is created. The risk matrix is reviewed and actions to prepare protection are agreed. IT Hotdesk provide fully Cyber Security Services, from initial discovery to technical implementation. Our Cyber Security teams are trained to identify risk, secure and protect systems, servers, applications & communications. And to create Cyber Incident Remediation Plans. The scope of these services is determined from the initial Security Workshop. Discover Assess Mitigate

6 DISCOVER ASSEESS FIX IMPROVE REVIEW Knowledge transition from technical minded business consultants to your stakeholders. Discussion on what if scenarios so stakeholders gain awareness. Agree the scope. Utilising the Security Risk Matrix, we discuss the findings and review each item. We then develop a scope of delivery to enhance the security of your IT systems. Plan the delivery of the agreed scope. Implementation of the scope items to the environment. Test the implemented components to ensure the results mitigate the risk of any cyber security events. Develop and carry out the appropriate actions to take once a cyber security event is underway. These include response planning, communications, analysis, mitigation, and other improvements. Develop and carry out the appropriate activities to review the overall cyber security policy. The focus should be to maintain resilience for the network and protect it from further attacks.

7 STEP 2: DEALING WITH A BREACH

8 Attackers routinely compromise companies. When hit, companies need to have a plan in place to guide their response. Each incident is unique. The directors play a crucial role in overseeing the company s response to a security incident especially the communication strategy. They should act as a conduit for information between different groups within the company and external stakeholders including customers, partners, and regulators. In 69% of the incidents we responded to last year, the targeted company learned about the breach from a customer. Directors need a communication strategy in place before they face an incident. The key for the company is not to assume facts it cannot verify. Disclose only what you know. In some cases, companies have been too quick to disclose information, in the interest of openness, only to have those facts contradicted when more information came out later. As you uncover the scope and length of a compromise, you can begin to provide other details, such as the number of customers affected or potential data lost. These details should emerge from the solid facts you uncover. IT Hotdesk will play a critical role in your organisation when dealing with security events. We help companies remediate the breach and improve protection. We can also create the communication plan & assist with the copywrite of the communication out to partners, customers & suppliers.

9 STEP 3: REGROUPING AFTER A BREACH

10 Once the company has resolved the breach and kicked out the attackers, it s time for damage control both literally and figuratively. IT will usually remove any malware, reimage infected systems, and consider ways to strengthen the company s defences. Bolstering your defenses The company will need to update its security programs and processes based on lessons learned during the breach. The security board should also be involved in reviewing the incident and the response. The review should determine whether the company made the right investments in security and took the right security posture. The goal of the remediation effort is to repair and reinforce your IT Infrastructure so that breaching the network in the same way again is much more difficult. When a breach happens, shareholders and outside observers will call the company to account leaving no distinction between directors and employees. Both must communicate professionally and with candour to reassure. The company needs to explain how it is improving its security posture to prevent the breach from reoccurring. Work with your public relations team to ensure your public statements are consistent, accurate, and properly timed. While measuring the impact of a breach on a company s reputation can be hard to quantify. It is safe to say that being attacked is not a positive image to portray.

11 CONCLUSION Over the last year or so, cyber security has become a board level issue. In the past, companies that complied with the applicable rules could withstand public scrutiny when they suffered a breach. That is no longer the case. Investors and regulators are holding businesses to higher standards. Where money and secrets go, attackers quickly follow. As companies get more connected to their customers and their partners, they have created new opportunities for attackers to compromise their systems and steal valuable data. You need to plan, you need to work with an IT partner that can handle the incident, give you professional advice and resolve the incident whilst always improving your protection. Cyber security breaches threaten your interests today. Forcing the company into situations they would rather not be in. Fortunately, there are reasonable steps and best practices that directors can adopt before, during, and after a breach to ensure they fulfil their responsibilities to protect the company and their shareholders. To learn more about how you and your fellow directors can help prepare for, respond to, and rebound from cyber breaches, visit or call our Cyber Security Team.

12 CHECKLIST FOR DIRECTORS

13 BEFORE AN INCIDENT Stay current on the latest threats and cyber security best practices. Research, design, and deploy security technology. Consider access control, data security, training, processes, and procedures. Ensure the response plan covers communications, analysis, mitigation, and other critical tasks. Obtain liability insurance specifically covering cyber security risk for directors and officers as well as for the business. Designate a Security Group tasked with cyber security responsibilities. Establish links between them and the directors. Develop and deploy the appropriate systems to identify a cyber security event as soon as possible. Run practice drills to test the plan and revise it as needed Identify the firm s security posture and the risks to the company. Assess the company s systems, assets, data, and capabilities. And identify risks unique to you. Create an incident response plan that lays out who reports to whom. Build in contingencies in case some people are unavailable at the time of an incident. Establish a recovery plan to restore any capabilities or services impaired by a breach and to protect the company from further attacks.

14 DURING AN INCIDENT Oversee the incident response with the Security Team. Serve as a conduit between them and the company and external stakeholders including customers, partners, and regulators. Understand that news of the incident usually comes to the company from outsiders, such as law enforcement or partner companies. Keeping the event under wraps is no longer very likely. Work closely with your legal counsel and public relations team to advise them about how to disclose incident details, especially news to the media. Don t disclose facts until they ve been verified. Stay in touch with your response team to assist as needed during response and through remediation

15 AFTER AN INCIDENT After a breach has been repaired, intruders ejected, and systems restored, assist in damage control to fix the company s infrastructure and reputation. Review incident response to assess how it went. Identify weaknesses in equipment, systems, and procedures to determine where to make improvements With guidance from your legal counsel, determine how to make customers whole if their data was exposed or stolen. Improve protection of areas identified as weak. Disclaimer: The information presented here is not meant to constitute technical advice. Every situation is unique; this guide is not a substitute for experienced cyber security expertise. IT Hotdesk strongly recommends consulting security professionals when mapping out a cyber defence strategy and responding to incidents.

16 IT Hotdesk have a team of Cyber Security specialists. They keep themselves up to date with the latest cyber security threats and work to advise and protect our customers from these threats. We are a leading Technology company based in Aberdeen, Glasgow, Edinburgh & Leeds. We support & manage our customers' IT systems and deliver new systems using Hardware, Software, Virtualisation & Cloud Computer technologies. IT HOTDESK Our customers range from local small businesses to international companies; they look to us first to provide advice, insight, recommendations & support. We are a customer-focused company that brings together the right people, processes and technology to transform our customer s business initiatives. From individual IT services to a total IT outsource; we get to know your challenges and design the right solution for you. For more info visit info@ithotdesk.com or call our sales team on IT Hotdesk Ltd 23 Abercrombie Court Arnhall Business Park Westhill Aberdeen AB32 6FE sales@ithotdesk.com IT Hotdesk Ltd. All Rights Reserved.