
“It Won’t Happen To Me”: A Guide To Incident Response Planning

Published on 29/05/2018

Cyber attacks and breaches can happen to any organisation at any time, causing significant damage. Therefore, it is essential that your incident response plans are effective enough to respond to, contain and eradicate a breach as quickly as possible, limiting its impact.

Whether your organisation is looking to prepare business continuity and disaster recovery plans to deal with potential cyber attacks or has suffered a breach and you need to remove the threat and repair the damage, SES can provide both proactive and reactive measures to support you before, during and after an incident.

Proactive Measures 

We have entered into an era where malicious individuals and organisations are probing and attacking businesses on a daily basis and it is no longer acceptable to assume yours won’t be breached. As the tactics, tools and techniques these malicious actors use are becoming more advanced, you need to ensure you’re prepared for cyber criminals to breach your defences and have plans in place to minimise the damage and disruption they can cause. 

Creating a robust business continuity and disaster recovery plan is essential to help you prepare for these attacks, providing you with a clear strategy to follow and enabling you to locate and remediate the situation swiftly and successfully. However, in order to create an effective business continuity and disaster recovery plan, there are a few steps you need to take.

The first is to review your business-critical assets and data and prioritise protections accordingly. This will ensure that you can put maximum protections on your most critical assets and data, limiting the damage a potential breach or cyber attack can cause. SES can conduct a risk assessment to help you with this and can also provide recommendations on detection methods and preventative controls to improve your organisation's defence against malicious threats.

Another proactive measure you can take to defend against potential threats is to educate and train your staff to identify and defend against cyber threats. This includes identifying phishing calls or emails and distributing security-related information to improve your organisation's in-house knowledge of cyber threats and how to defend against them.

Reacting to a Breach or Attack

In the unfortunate event your organisation does get breached, it is important to have a clear plan of action in order to resolve the situation quickly and effectively.

SES recommends that your incident response plan follows these five steps: 

1. Isolate the affected area – Not only does this enable you to stop the attack spreading to other areas of your organisation and creating more damage, it also enables you to investigate how the incident has occurred and to identify how to remediate the issue. 

2. Audit to gain an understanding of what’s happened – Once you have isolated the affected area it is important to conduct a full audit to gain a clear understanding of what has happened and the tactics, tools and techniques used to gain access. SES’s forensic analysis can help you do this and in certain circumstances can also help you recover lost data.

3. Remediate the issue – The next step is to remediate. Start by patching your defences and eradicating any malicious software from your network. Once the threat has been contained and removed, implement additional security to prevent further attacks.

4. Verify that the issue is resolved – In order to ensure that the issue has been successfully resolved, it is essential that you re-test your security using the same methods which were initially used to breach your organisation. This will verify that the weakness has been patched successfully.

5. Reconnect your services – Now you have tested and verified that the exposed weaknesses have been remediated, you can take your systems back online and resume operation.

Whether you are planning your risk mitigation and disaster recovery strategy or have been the victim of an attack, SES can provide expert assistance in identifying malicious incidents, ensuring proper containment, safe eradication of malicious software and swift recovery of your systems and data to bring your business back online.

To speak to SES about your risk mitigation and disaster recovery requirements in more detail, please get in touch and one of our specialists will get back to you within one business day.

 

© Financechain Limited trading as SES and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.
