It’s imperative firms have systems in place to prevent an attack in the first place – as well as defined procedures to follow to contain the damage in the event cyber criminals do hack the system.
Kitson Ho is in charge of cyber security at Steadfast. Kitson says there’s an established procedure businesses should follow called CRIED if they have been hacked. “This outlines the first steps you should take when you have been hacked,” he explains.
CRIED stands for:
1. Contain the incident.
2. Reduce Impact.
3. Eradicate the threat.
4. Document the threat.
“Always focus on the C before anything else; don't do anything unless you're fully confident you've contained the incident,” says Kitson, who explains sometimes this is as simple as isolating the infected computer or computers and ensuring it’s no longer connected to the network by unplugging it. This ensures the threat won’t spread to other computers on the system.
“Make sure everyone understands what a phishing attack is, what a virus looks like and what to do in the event of an attack”
“Once you have identified the threat and you’re confident it can no longer cause damage, look at actions you can take to reduce the impact so your business can continue. This may be getting the information from the latest backup.
“Make sure you don’t jump straight to step three to just eradicate the threat. Many businesses forget to first contain the threat when they find one. They may try to stop the virus by running a virus scanner but ignore the fact it could be spreading through the business. So make sure steps one and two are followed before you do any eradication activity,” Kitson says.
Once it’s time to eradicate the threat, run a malware cleaner. You may need to pull the hard drive out of the infected machine and put a new one in to make sure the threat is removed.Finally, it’s important to document what has been learned from this process. This is known as a post-incident review. Record what happened and what was done to stop the threat and fix it.
The next two parts are very important. Work out and note what can be done to reduce the likelihood of a similar threat infiltrating the business in the future. Then assess what can be done to reduce the impact of future attacks on your business. “The aim should be on always improving your system’s security,” says Kitson.
Risk mitigation to prevent an attack
The National Institute of Standards and Technology (NIST) has developed a cyber security framework businesses can use to help mitigate the potential for an attack in the first place.
“The NIST framework gives you a guide to improve your security posture. It's like a roadmap you can use to protect yourself against cyberattacks such as hacking,” says Kitson.
There are three elements of the plan on which businesses should focus on as a priority. First, ensure everyone in the firm knows the role they play by developing and communicating clear guidelines around building a cyber safe culture. Make sure everyone understands what a phishing attack is, what a virus looks like and what to do in the event of an attack, such as taking the computer off the network if it becomes infected. Training is the key.
Secondly, ensure everyone uses multifactor authentication for any application that provides it. This means a user has to provide at least two forms of authentication to get access to the application. Finally, ensure software on all devices is continually updated.
While it’s essential to focus on the steps you can take to prevent an incident, there’s also a role for cyber insurance as a third step should the business suffer an attack. This will help meet costs such as paying for public relations services to assist the business to manage any reputational damage after an attack, as well as pay for specialist IT services to restore any backups.
The idea is to take a multi-pronged approach to prevent an attack in the first place and ensure the business has a number of lines of defences to support it to recover after one.So talk to your Steadfast broker to ensure you have the right insurance in place so that in the event of a claim, you should be properly covered.
Important note - the information provided here is general advice only and has been prepared without taking in account your objectives, financial situation or needs. Steadfast Group Ltd (ABN 98 073 659 677, AFSL 254928)
This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date the article is written as specified within it but is subject to change. Steadfast Group Ltd and Steadfast Network Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.