For many business leaders, cyber-attacks are no longer abstract events that happen in faraway countries. The risk couldn’t be more real for Kiwi organisations – we only have to look at recent events here in Aotearoa, such as the Pinnacle Health breach, to understand that cyber-crime doesn’t respect international borders.
When you take in the sheer volume and scale of attacks occurring globally it’s easy to get overwhelmed. Recent research conducted by Check Point found that global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021, bringing the average weekly attacks per organisation worldwide to over 1,130. Unfortunately, it’s incredibly difficult for our local authorities to thwart these criminals, as many operate from jurisdictions beyond our own.
Businesses may lose sight of what is important when faced with such dizzying stats, but while we may not be able to do anything to reduce the actions of malicious hackers, we can certainly do our very best to prepare ourselves should the worst happen.
A well-prepared organisation will bounce back more efficiently in the event of a cyber-attack – with smarter usage of their time and resources. An organisation that fails to prepare properly is at real risk of botching its recovery. They may end up paying for further disruptions and reputational damage as they struggle to get their business back on track.
A plan is key
The first step in preparing for a cyber-attack is preparing an Incident Response plan. A document that covers roles, responsibilities and key processes is the key ingredient to ensure a cyber event is well managed.
When building your plan, focus on key tasks and scenarios that are likely to take place, and factor in who will manage these, and how. For example, who will be the technical lead in your response? Which customers and stakeholders will you need to communicate with? How will you keep staff informed? Do you have specialists that can support you, such as a digital forensics, cyber security or legal firm?
There are plenty of good guides to support you in building a plan – if you haven’t already built one, use a guide like our Incident Response checklist to help you cover your bases.
Rehearse for the worst
Fire drills are commonplace in most organisations in New Zealand – breeding muscle memory of exits and escape routes, so that should a real fire occur, everyone knows exactly what to do. The same logic applies for a cyber-attack. Rehearsing your plan, whether in a full simulation or a simpler tabletop exercise, is an incredibly valuable way to test and evaluate your plan, while building confidence in your team’s roles and responsibilities.
Make sure all your key personnel are involved in your simulation or exercise – from the board, down to your IT teams and comms leads. Setting this expectation from the top will ensure your response goes to plan in the event of an actual cyber incident.
When practising your plan, take the time to work through some likely scenarios and agree on what outcomes you’d choose. For example, would you be willing to pay a ransom to a cyber-criminal? Who will be your spokesperson should you need to front the media? Answering these questions in advance as a team is preferable to making these decisions in the height of a crisis.
Empower your organisation
It’s vital to remember that should your business be struck by an attack, it’s not your fault – like a natural disaster, these things can happen even if your cyber security defensive controls are strong and regularly tested. But by changing your mindset to prepare, rather than just react, you can empower your organisation to spring into action and manage any incident as efficiently as possible.
If you need further support to refine your Incident Response plan, or engage in a simulation or tabletop exercise, talk to your Kordia account manager about how our Incident Response practice can support you.