This is rapidly becoming the million-dollar question. The honest answer is that if you are asking because you have already been subjected to an attack, it may be too late. If you are asking because you want to be ready, then this is the article for you.
The secret to surviving an attack is to prepare for it. This is not as complex as you might think, but first, what is the cost of doing nothing?
Loss of ability to operate
Average downtime after an attack or breach is reported as around 21 hours. If the cause is ransomware, this is more likely to be days rather than hours.
Loss of reputation
Reputation can be lost in seconds with the click of a button, and may never be recovered. Around 85% of data breaches involve a human element.
The ICO has issued fines of just short of £40 million in the last 8 months for failures to protect customer information. A breach can also lead to private claims by the customers or employees whose data was not protected.
Failure to win new business
More and more organisations are required to hold accreditations and certifications, and without them can be excluded entirely from tendering and bidding.
There are some simple steps you can take today to ensure you are better protected immediately.
- Check your systems for patching and updates.
- Review and verify access controls, in particular admin and privileged users.
- Test and review your current defences.
- Review your monitoring.
- Review and test your backups and recovery.
- Information Security and Phishing training for all employees.
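The access-control item in the checklist above is the one most often done by eye and got wrong. The following is an added example, not code from the original article, of how a reviewer can mechanically list every account with administrative power on a Linux host: accounts with UID 0 (whatever they are called), members of the usual admin groups, and principals named in sudoers. The three sample files are constructed for the example; a real review would read /etc/passwd, /etc/group, /etc/sudoers and /etc/sudoers.d/*.

```python
"""Privileged-account review from passwd/group/sudoers text (added example)."""
from __future__ import annotations

# Constructed sample files. Note the second UID-0 account ("backup-svc")
# and the contractor who has been left in the sudo group.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
backup-svc:x:0:1002:Backup service:/var/backups:/bin/sh
contractor:x:1003:1003:Contractor:/home/contractor:/bin/bash
"""

SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,contractor
wheel:x:10:
users:x:100:alice,bob
"""

SAMPLE_SUDOERS = """\
# constructed sudoers
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
bob     ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx
"""

# Group names that confer administrative rights on common distributions.
ADMIN_GROUPS = {"root", "sudo", "wheel", "admin"}


def parse_passwd(text: str) -> dict[str, int]:
    """Map account name -> numeric UID from passwd-format text."""
    users: dict[str, int] = {}
    for line in text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 3:
            continue
        users[fields[0]] = int(fields[2])
    return users


def parse_group(text: str) -> dict[str, set[str]]:
    """Map group name -> set of supplementary members from group-format text."""
    groups: dict[str, set[str]] = {}
    for line in text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 4:
            continue
        groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def parse_sudoers(text: str) -> list[tuple[str, str]]:
    """Return (principal, rule) pairs for user and %group rules in sudoers text."""
    rules: list[tuple[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        principal, _, rule = line.partition(" ")
        rules.append((principal, rule.strip()))
    return rules


def audit_privileged(passwd: str, group: str, sudoers: str) -> dict[str, list[str]]:
    """Return {account: [reasons it is privileged]} for every privileged account."""
    users = parse_passwd(passwd)
    groups = parse_group(group)
    findings: dict[str, list[str]] = {}

    def note(user: str, reason: str) -> None:
        findings.setdefault(user, []).append(reason)

    # 1. Any account with UID 0 is root, regardless of its name.
    for name, uid in users.items():
        if uid == 0:
            note(name, "UID 0" if name == "root" else "UID 0 under a non-root name (backdoor risk)")

    # 2. Membership of an administrative group.
    for gname, members in groups.items():
        if gname in ADMIN_GROUPS:
            for member in members:
                note(member, f"member of {gname}")

    # 3. Direct sudoers rules, and %group rules expanded to their members.
    for principal, rule in parse_sudoers(sudoers):
        if principal.startswith("%"):
            for member in groups.get(principal[1:], set()):
                note(member, f"sudoers via {principal}: {rule}")
        else:
            note(principal, f"sudoers rule: {rule}")

    return dict(sorted(findings.items()))


if __name__ == "__main__":
    for account, reasons in audit_privileged(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS).items():
        print(account, "->", "; ".join(reasons))
```

Every name in the output should map to a person who still needs that access today. In the sample data the reviewer would question "backup-svc" (a service account that is root under another name) and "contractor" (an admin-group member who may have left) before anything else.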
Preparation falls into two areas:
Business Continuity Planning (BCP) is about having a plan to deal with difficult situations, so your organisation can continue to function with as little disruption as possible. This plan needs to account for people, locations and processes, prioritised by criticality.
Disaster recovery (DR) is a plan for recovering IT systems and infrastructure after a disaster. A DR plan comprises identifying critical IT systems and networks, setting the RTO for each, and documenting the actions required to resume, rebuild and recover them.
DR is part of the overall BCP.
RTO and RPO
Recovery Point Objective (RPO) is the maximum amount of data loss the organisation is prepared to tolerate, normally expressed as the time between the last usable backup and the incident.
Recovery Time Objective (RTO) is the maximum time allowed to recover the critical systems and applications after an incident.
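Both objectives are only meaningful once you measure them against what actually happens, which ties back to the "review and test your backups and recovery" step. The following is an added example, not code from the original article, that reads a backup job history and a restore-test record and reports whether the RPO and RTO were met. The backup log, incident time and restore-test times are constructed; the point it demonstrates is that a single failed nightly job doubles your worst-case data loss, which a glance at "last backup: OK" will not reveal.

```python
"""Check backup history and a restore test against RPO and RTO (added example)."""
from __future__ import annotations

from datetime import datetime, timedelta

# Constructed backup job log: one line per nightly job, ISO timestamp and status.
# A real check would read the backup tool's own job history.
SAMPLE_BACKUP_LOG = """\
2024-03-01T01:00:00 OK
2024-03-02T01:00:00 OK
2024-03-03T01:00:00 FAILED
2024-03-04T01:00:00 OK
2024-03-05T01:00:00 OK
"""


def parse_backup_log(text: str) -> list[tuple[datetime, bool]]:
    """Return (timestamp, succeeded) pairs sorted by time."""
    entries: list[tuple[datetime, bool]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, status = line.split()
        entries.append((datetime.fromisoformat(stamp), status == "OK"))
    return sorted(entries)


def worst_case_data_loss(entries: list[tuple[datetime, bool]], incident_at: datetime) -> timedelta:
    """Longest period in which no newer *successful* backup existed.

    Failed jobs are skipped, so the gap spans them; the last gap runs up to
    the incident itself. This is the figure to compare with the RPO.
    """
    successes = [ts for ts, ok in entries if ok and ts <= incident_at]
    if not successes:
        raise ValueError("no successful backup before the incident")
    points = successes + [incident_at]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def rpo_met(entries: list[tuple[datetime, bool]], incident_at: datetime, rpo: timedelta) -> bool:
    return worst_case_data_loss(entries, incident_at) <= rpo


def restore_duration(started: datetime, verified: datetime) -> timedelta:
    """RTO is measured to the point the service is verified usable, not to the end of the copy."""
    if verified < started:
        raise ValueError("restore verified before it started")
    return verified - started


def rto_met(started: datetime, verified: datetime, rto: timedelta) -> bool:
    return restore_duration(started, verified) <= rto


def assess(log_text: str, incident_at: datetime, rpo: timedelta,
           restore_started: datetime, restore_verified: datetime, rto: timedelta) -> dict:
    """Summarise measured loss and recovery time against the stated objectives."""
    entries = parse_backup_log(log_text)
    loss = worst_case_data_loss(entries, incident_at)
    duration = restore_duration(restore_started, restore_verified)
    return {
        "worst_case_data_loss": loss,
        "rpo_met": loss <= rpo,
        "restore_duration": duration,
        "rto_met": duration <= rto,
    }


if __name__ == "__main__":
    # Hypothetical incident on the evening of 5 March and a restore test the next day.
    result = assess(
        SAMPLE_BACKUP_LOG,
        incident_at=datetime(2024, 3, 5, 20, 0),
        rpo=timedelta(hours=24),
        restore_started=datetime(2024, 3, 6, 9, 0),
        restore_verified=datetime(2024, 3, 6, 15, 30),
        rto=timedelta(hours=8),
    )
    for key, value in result.items():
        print(f"{key}: {value}")
```

With the sample data the stated 24-hour RPO is not met even though the most recent backup succeeded, because the failed job on 3 March left a two-day window with no recovery point. The 8-hour RTO is met by the 6.5-hour restore test, but only because the test was actually run and timed.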
The industry standard for assessing IT systems and applications is known globally as the CIA Triad. This is made up of 3 key concepts: Confidentiality, Integrity and Availability.
Confidentiality (Access Control):
Confidentiality means ensuring that information is accessible only to those authorised to have access.
Integrity means safeguarding the accuracy and completeness of the information.
Availability means ensuring that authorised users have access to information and associated systems when required.
Our information security bundles start from less than £1,000, providing your organisation with NCSC (National Cyber Security Centre) recognised and recommended certifications.