Sorry, this is not a coffee* appreciation article it is an article about planning and preparation for an incident.
Planning and Preparation = Good Governance
Businesses and organisations need a cyber security policy and a plan covering what they do to mitigate the risk of an incident and what they will do in the event of an incident. It does not need to be complicated, but it needs to cover your threats and risks – which you need to work out – what you are doing to reduce those risks and what happens if the threats become an incident.
Threats and Risks
This is where your planning and preparation has to start – and I will get your ball rolling by looking at just one element of Smart Thinking Solutions that is included in our plan. Email.
We looked at the real world risk of a malicious phishing email being opened by a member of our team (UK Government. 2022) and the systems that may be impacted by that.
Here are some of the outcomes from activating attached malware:
- Browser compromise
- Malware on the local PC and network
And if a link is followed:
- Disclosure of credentials
- Browser compromise
- Malware installed
There was a further outcome discussed, “what if the malware was encryption ransomware”.
Then we worked our way through mitigations against the incident happening, preparations for the incident happening and what we would do if the incident occurred. In no particular order, here are some of the solutions we discussed:
- Staff awareness training including discussing the issue at the weekly staff meeting
- Remote Monitoring and Management software
- Centrally managed anti-virus solution
- Ransomware resilient back-up
- Establish who will manage the incident and who will manage communicating with stakeholders
- Reporting on everything
- Manage the global administrator accounts and access levels correctly
- Write it down and make it accessible to everyone even if there is an incident
- Secondary/fall back email
- Is there anything that needs to be done by the user before escalating the incident?
- and…
- and…
We put in place the most appropriate steps to mitigate our risk and then moved on to the next threat. (Whitman and Mattord. 2013).
Planning and Preparation = Coffee*
But what happens if this happens?
And that brings me to the coffee* in the planning and preparation. I was reminded, whilst writing the article “The Blame Game”, that the first thing we do when we attend an IT or cyber security incident is “have a coffee” and sit down with the client and find out what is going on.
A few minutes spent looking at the incident, pulling out the plan, checking the back-up status and talking to the person who clicked on the link, whilst having a coffee*, can save a lot of time and mistakes when it comes to tackling the problem.
So what’s in your plan?
I cannot tell you here. It needs to be your planning and preparation. You need to create your own plan, have your own discussions, decide what your vulnerabilities are, see the threats and put the training and mitigation in place. Oh and keep it all up to date.
Obviously get help from us if you need it!
Clive Catton MSc (Cyber Security) – by-line and other articles
* Other hot or cold drinks are available – you choose.
References
UK Government. (2022). Cyber Security Breaches Survey 2022. Retrieved January 16, 2023, from https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022
Whitman, M. E., & Mattord, H. J. (2013). Management of information security. Cengage Learning.
Further Reading
Ransomware Resilient Back-up – Smart Thinking Solutions
