Companies suffer cyber attacks every day, and every attack tests their defenses and their preparation. Knowing how to respond to a cyber attack is a key step in reducing the damage and fallout from it.
A poor response can harm your reputation, cause loss of life or injuries in the event of an OT attack, lose money, or all of these things. While preventing attacks by establishing a Zero Trust-level defense should be your goal, you also need to prepare for the event that something gets through.
To borrow from the Zero Trust mindset – you must always assume a breach has happened or will occur. In that case, knowing how to respond to a cyber attack is an important step in achieving your Zero Trust mindset and preserving the future of your organization.
Responding to a Cyber Attack
Having an incident response plan should be something you have clearly defined from the beginning. The last thing you want is to be outlining how to respond to a cyber attack as it is happening. This will result in confusion, poor communication and loss of critical time and information that can help contain the current attack or prevent the next one.
This response plan will include people, processes and technologies that you will rely on to act quickly and confidently when responding to a cyber attack to mitigate further damage. With this in mind, we’ll cover the important pieces below that you need in place to make sure your response to a cyber attack is effective.
Develop Your Incident Response Plan
When responding to a cyber attack, you want a designated crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business.
Additionally, you want to make sure you know who in law enforcement you should be contacting and they know who you are as well. This will include anyone from the local police up to the FBI, depending on the type of threat.
Next, you’ll want to ensure the availability of key personnel. Not only should your personnel be identified and know their role in responding to a cyber attack, you must make sure they are actually reachable and available to respond, including outside business hours. You may also need to identify means of providing surge support during a prolonged incident.
You must be ready to act decisively. Identifying your team, making them aware of their roles and practicing your response plan will ensure you know how to respond to a cyber attack. Time is critical when responding to a cyber attack, as even small mistakes or confusion can cost you greatly.
Know How to React to a Cyber Attack
In addition to planning your team, your plan must consider and account for the various types of attacks you could face. Practicing responses to these attacks and knowing what to do for each will help you remain confident and act decisively when responding to a cyber attack.
If you suffer a DDoS attack, you should already know the proper steps and procedures: contact your ISP and tell them you are under attack, and recognize that the flood may be a diversion while the attackers try to break in elsewhere. Look carefully at the machines that were targeted, since they may have been compromised under cover of the traffic.
If it is a malware infection (a trojan included), the better response is to take the infected system off the network to contain it, preserve the disk contents (and, where your plan calls for it, the memory contents) before you change anything, and only then isolate and remove the malicious files. Simply pulling the power cord or the disk drive destroys volatile evidence, so prefer disconnecting the network cable or disabling the switch port unless the malware is actively destroying data.
Your goals will always be to isolate, to contain and to stop the spread of the threat, while preserving the evidence and documenting exactly what you did and when. Any response must be controlled, planned, audited and have a clear and complete set of logs of all human activity, dates, times and responses from that activity.
This record serves more than the person doing the remediation: it shows everyone involved, internal staff, contracted third parties and government agencies alike, what was done, how, by whom and in what order. Controlling access to affected assets during this time is equally critical, both to the forensic understanding of the adversary and to the integrity of your own response.
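The two requirements above, preserve the evidence and keep a complete, ordered record of who did what and when, can be met with a very small amount of tooling. The following is an added example, not code from the original article or from any product it describes: an append-only incident action log in which each entry commits to the hash of the previous entry, so that an edited or deleted step breaks the chain, and in which any evidence handled is fingerprinted with SHA-256 before it is touched. The incident identifier, asset names, analyst names and the sample "suspicious file" are all constructed for illustration.

```python
"""Tamper-evident incident action log with evidence hashing (added example)."""
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample evidence: stands in for a dropped binary found on a host.
SAMPLE_EVIDENCE = b"MZ\x90\x00 constructed dropper sample for the example"
GENESIS = "0" * 64  # previous-hash value for the first entry


def sha256_hex(data: bytes) -> str:
    """Fingerprint evidence so later tampering (or a wrong file) is detectable."""
    return hashlib.sha256(data).hexdigest()


class IncidentLog:
    """Append-only log: each entry's hash covers the previous entry's hash,
    so editing, removing or reordering an earlier step breaks verify()."""

    def __init__(self, incident_id: str) -> None:
        self.incident_id = incident_id
        self.entries: List[dict] = []

    @staticmethod
    def _hash_entry(entry: dict) -> str:
        # Canonical JSON (sorted keys, no whitespace) so the hash is stable.
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return sha256_hex(canonical.encode())

    def record(self, actor: str, action: str, asset: str,
               evidence: Optional[bytes] = None,
               when: Optional[datetime] = None) -> dict:
        """Append one action. Timestamps are UTC; evidence is hashed, not stored."""
        when = when or datetime.now(timezone.utc)
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries),
            "incident_id": self.incident_id,
            "timestamp": when.isoformat(),
            "actor": actor,
            "action": action,
            "asset": asset,
            "evidence_sha256": sha256_hex(evidence) if evidence is not None else None,
            "prev_hash": prev,
        }
        entry["entry_hash"] = self._hash_entry(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; False if any entry was altered, dropped or moved."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev:
                return False
            if self._hash_entry(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True

    def timeline(self) -> List[str]:
        """Human-readable order of events for the after-action report."""
        return [f'{e["timestamp"]} {e["actor"]}: {e["action"]} [{e["asset"]}]'
                for e in self.entries]


def demo() -> IncidentLog:
    """Constructed walk-through of a containment on a hypothetical workstation."""
    log = IncidentLog("IR-0001")  # hypothetical incident identifier
    log.record("analyst.a", "isolated host from network (switch port disabled)", "ws-042")
    log.record("analyst.a", "hashed suspicious file before removal",
               "ws-042:C:/Users/Public/x.exe", evidence=SAMPLE_EVIDENCE)
    log.record("ir-lead", "notified legal and communications", "IR-0001")
    return log


if __name__ == "__main__":
    incident = demo()
    print("\n".join(incident.timeline()))
    print("chain intact:", incident.verify())
```

The log stores only the evidence hash, never the artifact itself; the actual disk image or file stays under controlled access as the text above requires, and the hash lets anyone later confirm that what was analysed is what was collected.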
Preparing Your Defenses
While knowing how to respond to a cyber attack is critical to limiting the harm to your business, preventing attacks in the first place is the ideal outcome. That’s why we discuss how to achieve Zero Trust and offer maturity models built around its architecture. It’s also why our cybersecurity platform is ready to help you enable a Zero Trust architecture.
If you need assistance in attaining this level of security or don’t know where to start, you can talk to us here to learn what you can do to increase your security.