In this article, we discuss how a cyber incident response plan as part of an overall cyber attack recovery plan, could help protect your business.

What is a Cyber Incident Response Plan?

A cyber incident response plan is an organisation’s process for identifying, defending against and recovering from cyber security breaches and attacks. It is an integral part of your cyber security strategy. The aim of a cyber attack recovery plan is to offset risk and limit damage, which should form part of your disaster recovery plan.

What makes one cyber attack recovery plan better than another? And what are the common mistakes to avoid?

Plan, don’t just React

Criminals never let a good crisis go to waste. Unfortunately, this holds true amid the Covid-19 pandemic. Carbon Black, reports that up to 88% of UK companies have suffered data breaches in the last 12 months.

Moreover, one SME is successfully hacked every 19 seconds according to insurance giant, Hiscox.  Of the 65,000 attempts to hack SMEs every day in the UK, 4,500 are successful.

As our partners at Sophos report in The State of Ransomware 2020, 48% of UK organisations were hit by an attack in the last year.

Incidents are no longer a case of if, but when. That’s why it’s important to have a robust cyber security strategy and cyber incident response plan. Yet, many businesses fail to take the proactive steps required to protect their assets and data.

By evaluating your current vulnerabilities and putting in place a cyber incident recovery strategy, you’ll be in a far better place to protect against known threats and identify any new ones.

Of course, effective security threat management involves constant monitoring, maintenance and updating of your hardware and software. A reactive approach simply doesn’t cut it.

Reduce the Fallout with a Cyber Incident Response Plan

On average, a cyber security breach in the UK costs business nearly £1.5k. However, this figure becomes far greater as the size of the business increases.

Aside from the obvious financial fallout, the costs of loss of productivity and time spent managing the incident can also damage a business. After all, cyber attacks often infiltrate all areas of a business.

If you think your business cyber insurance will offer you cover for every eventuality, you could be wrong. The 2020 Sophos report reveals that one in five organisations have a major hole in their cybersecurity insurance. 84% of respondents said that they have cybersecurity insurance, but only 64% have insurance that covers ransomware.

Many companies do not have the in-house capability to successfully investigate and respond to a cyber attack or breach in-house. For larger businesses, it can take a painful 3.4 days to get systems back up and running if their cyber incident recovery plan isn’t up to scratch.

So, what makes a strong disaster recovery plan?

A disaster recovery plan or cyber incident response plan will regularly review and test the business’ ability to withstand unexpected threats; including from increasingly-sophisticated Ransomware and Cyber Attacks.

Depending on the size and type of business, truly effective data loss prevention from cyber attacks can take many forms – whether that’s on-premise, cloud or a mixture of the two.

Whatever you opt for, it should be the foundation of a comprehensive IT disaster recovery plan. A good place to start with a disaster recovery plan is by talking to your IT service provider. But you’ll want to be ready with answers to the questions below:

1. How safe is my data? Your data might be located on a server but exactly where is this and how is it protected? How fast, if necessary, could it be recovered?
2. Can your IT service provider simulate a cyber attack/disaster recovery scenario for you? If so, can it be offered to you as a regular service where reports can be created detailing how well you performed?
3. What data isn’t currently being backed-up? Where is it located and what are the reasons why it isn’t being backed-up?
4. What do you already have in place to back up your Office 365?
5. How are my backups being protected against a Cyber Attack such as ransomware?

Understand the vulnerability of your data

We’ve asked quite a lot of questions about data backup above. That’s because many businesses are not 100% sure on how or even if all their data is backed up. Scarily, recent research by a UK internet provider of 514 businesses revealed that 50% ‘knew’ their data was being backed up but were unsure of how.

There’s a very real threat facing business today; and that’s the assumption that having a backup strategy is the same as disaster recovery plan.

Consider for a moment, do you know, with certainty exactly how long it would take your existing backup solution to restore all your data? How long could your business survive without business-critical data?  What is an incident response plan Vs a disaster recovery plan?

It becomes much easier to consider the risks if you think of it in these terms; backup is a copy of your data; a disaster recovery plan is insurance that ensures its recovery.

Remember, your disaster recovery plan is an essential business lifeline.  So, make sure that it’s kept safe and in multiple locations. More importantly, make sure that your cyber security strategy is constantly reviewed. Whenever a major IT change or upgrade occurs, revisit your cyber incident response plan.

Partnering with an experienced external disaster recovery and cyber incident response experts, such as Agile Technical Solutions, will give you direct access to a team of specialists equipped to control damage and cost. Not only this, we’ll identify threats to prevent them from hitting your network in the first place.