If a cyber attack has struck your business, there is probably one question on your mind: what do we do now?

First and foremost, do not panic; there are things you can do to mitigate the impacts of a cyber attack. From preserving evidence to handling public relations, proper response strategies can make the difference between a minor blip and a widescale disaster.

However, it is crucial to be prepared for such an event. Without an incident response plan, you may struggle to act before it is too late — or fail to recognise the breach at all.

The UK government’s Cyber Security Breaches Survey 2022 recently found that a breach costs the average business £4,200, rising to £19,400 for medium and large businesses. So, you cannot afford to be complacent in the face of risk.

We have outlined guidance for business leaders on how to contain a data breach, improve IT security and bounce back from an attack…

1. Action your incident response plan

An incident response plan is a predetermined set of procedures to follow during a cyber attack.

When hackers strike, an incident response framework should break down exactly what needs to be done to contain and manage the breach. The National Cyber Security Centre recommends that a response plan should, at the very minimum, include:

• Key contacts from IT and incident response teams, senior management, legal, public relations, human resources and insurance.
• Escalation criteria with a process for critical decision-making.
• A basic process lifecycle.
• At least one conference number.
• Guidance on legal and regulatory requirements.

These documents should help to detect, analyse, contain and eradicate a threat to your systems and provide a step-by-step outline for post-incident recovery. However, preparation is the first and most crucial element of a response plan.

No incident team can generate a thorough and efficient response at the drop of a hat; they must have a plan in place to quickly identify and react to an attack — and prevent one from slipping through.

2. Contain the problem before going back online

It can be tempting to hit the ‘on’ switch immediately after identifying and fixing the most obvious impacts of an attack. But going back online too soon can lead to more trouble and worsen the situation.

Before you reintroduce your affected systems, you must ensure all compromised areas have been tested, repaired and reinforced per the recommendations of technology professionals and your incident response plan. It is also essential to preserve forensic data from the breach for investigators to determine the attack’s origin.

3. Report the attack to the relevant authorities

One of the biggest headaches caused by cyber attacks is GDPR compliance — especially within sectors that habitually handle personally identifiable information (PII).

Companies are obligated to report a data breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the incident. The details and type of the attack will determine whether you should be reporting under the UK GDPR or Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), the NIS Regulations 2018 or the electronic Identification, Authentication and Trust Services (eIDAS) regulations.

Failure to report can lead to hefty fines and legal trouble, as the government continues to enforce laws to reduce the high risk to the rights and freedoms of individuals resulting from a breach of private data. So, acting swiftly to identify and contain an attack in real-time is vital.

4. Inform your customers (before someone else does)

Reputational damage in the wake of a cyber attack can be as costly as the direct financial losses associated with suffering an attack on your IT systems.

Research by global secure payment solutions provider PCI Pal found that 44% of UK consumers will stop spending with a business for several months in the immediate aftermath of a security breach. A further 41% stated they would never return to a business post-breach. As a result, your organisation’s public response to an attack is critical.

Having clear guidelines on who is responsible for speaking to the media and informing customers is key to any incident response plan. It is never wise to withhold this information; not only can this be a breach of data protection law, but it can also lead to distrust. Plus, employees must be well-informed about cyber events to remain vigilant and aware of security best practices.

5. Reinforce your security systems

It is all well and good knowing how to reduce the impact of an attack. But with the help of information security specialists, you can prevent a breach from happening in the first place.

According to Acronis’ Cyber Protection Week Global Report 2022, 76% of organisations surveyed experienced downtime due to data loss in the last year — a 25% increase from 2021’s results. Cyber crime is not going away anytime soon, and prevention is the best course of action.

Ensuring your IT systems are up to date, allocating reasonable budgets, fostering a cyber-aware culture and embracing the latest technology solutions can improve response time, minimise disruption and ultimately reduce your likelihood of experiencing a breach.

Would you like to define an effective incident response plan and improve your organisation’s IT security? Contact our team of cyber security consultants at 01252 843014 or email info@burningtree.co.uk to discuss our services.