As we mentioned in a previous post, statistics indicate that it's now a question of when, rather than if, your organisation will become the victim of a cyber attack. With this in mind, many firms, including SES, have shared plenty of advice and guidance on the measures you can take to prevent an attack and the steps you need to take once an attack has taken place. But what happens next?
Information regarding what to do once a cyber incident has been remediated is a lot harder to come by. Ideally, at this stage SES would recommend you take the opportunity to perform a post-incident review, analysing exactly what led to the cyber incident and strengthening your defences accordingly.
Analysing performance to identify where things went wrong is essential in all aspects of working life, but especially important when it comes to strengthening your security. Malicious individuals are always probing for weaknesses to exploit, so regular reviews of where your weaknesses lie will help you to patch your vulnerabilities before they can be exploited.
Your review should be structured around answering the following questions. It should involve an experienced Incident Responder, who will provide context on how the weakness was exploited, and your key technical and non-technical stakeholders, who can analyse how processes and policies can be amended to strengthen your security position.
Digital risks are constantly evolving as new exploits are developed. Post incident, it is important to assess your business's key assets and the risks that could impact your operation. We recommend the following questions should be used to begin this assessment.
The final question is often the most difficult to answer, but there are a number of options for strengthening your security after a cyber incident.
Post incident, reassessing your security testing is important. Do you test regularly? Whilst conducting a single Penetration Test will give you a snapshot of the vulnerabilities on your organisation's systems and networks on the day the test was completed, SES recommend that you perform regular Vulnerability Assessments and Penetration Testing once a year or after each major version change; this enables you to review your systems and networks for vulnerabilities an attacker could exploit.
An organisation with a strong security posture will have a security auditing/testing programme in place that delivers an ongoing assessment of network resilience. It will help align your organisation with the speed of technological changes and threat actors’ increasingly sophisticated approaches. Each report will be looked at individually to assess current problems but will also be given context by comparing it with other reports to discover trends and pre-empt problematic weak spots.
Even regular Penetration Testing doesn't make your organisation invulnerable to attack. It's important to review your Penetration Testing programme after an attack to understand whether it should have identified vulnerabilities before they became an opportunity to exploit, and to limit the impact of future incidents.
Your supply chain is a two-way relationship: your suppliers are a risk to you, as you are to them. Sharing information about your incident experiences, and mutually explaining your plans and intended response, allows each of you to understand the risk presented by the other party. For especially significant suppliers, you may wish to audit their security posture in order to have assurance that they don't represent a weak link in your security chain.
Human error can undermine the best technical security posture. How good is the basic level of cyber security hygiene in your organisation? Depending on the confidentiality of the data involved, it’s worth considering briefing your staff on the incident and why it occurred, especially if human error was a factor.
This article was published in partnership with our cyber security partners PGI.
© SES Secure Limited and ses-escrow.co.uk, 2022. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content