
5 Actionable Steps You Can Take To Prevent a Cyber Attack

on Friday, 03 January 2020. Posted in Cyber

As we approach 2020, cyber-attacks have become more and more prominent, with major headlines such as “Company Z announces new data breach affecting 57 million riders and drivers,” “218M [individuals] Compromised in Data Breach” and “Company X Hit by ‘NotPetya’ Ransomware Attack” circling social media on a seemingly daily basis.

The story of NotPetya, which targeted the shipping giant Maersk, was widely documented online by the InfoSec community back in June 2017. Within 7 minutes, NotPetya had destroyed most of Maersk’s IT infrastructure, destroying 49,000 laptops, 1,000+ applications and ruining its enterprise service bus and VMware vCenter cloud-management servers, amongst others.

NotPetya is memorable for a couple of reasons. The first is the devastating consequences when it was unleashed in the wild and the rapid speed at which it spread. The second is its extensive impact on Windows-based systems and the unintended consequence of bringing into focus nation-state-sponsored cyber weapons falling into the hands of proxy adversaries.

But how exactly do large organisations deal with being attacked and as a customer-facing organisation what steps do they take in order to minimise the financial and reputational damage these data breaches can cause?

To hide or not to hide?

Some large companies have been found to hide such events. For example, Uber discovered the data breach of 57 million customers and drivers in late 2016; however, they waited almost a year before acknowledging the breach had happened.

Whilst this may have caused less financial damage in the short term, in the long term their reputation would likely have taken a much more significant hit due to the lack of trust and customer respect which Uber showed. Delaying the announcement of a breach like this could likely have been devastating to a smaller organisation.

In a recent talk at Black Hat Europe 2019, A.P. Moller Maersk A/S Chief Information Security Officer, Andrew Powell, narrated Maersk’s response to NotPetya, which provided a very interesting insight into how Maersk dealt with falling victim to such an attack. According to Andrew Powell’s methodology, the key to this is plain and simple: ‘transparency.’

Being transparent to their customers, as well as to the public, Maersk found themselves in a strong position with organisations and customers reaching out to them offering support.

By being transparent, Maersk were also able to focus on the issue at hand, without having to try and cover up the issue, allowing them to respond to the cybersecurity incident as efficiently as possible.

It sounds simple, right? So why are more organisations not doing this? Complacency? Maybe, but how many employees actually know what to do in the event of a cybersecurity incident, and can they then translate their company’s policy into something actionable?

Ask yourself, how would you deal with a cybersecurity incident involving the world’s fastest-propagating piece of malware ever seen to date? Every minute you hesitate, you’re responsible for the loss of tens of thousands of pounds – and even worse, your organisation’s reputation.

So what actionable steps can be taken to prevent a cyber threat? 

1. Preparation is Key

Andrew Powell refrained from using buzz words like ‘frameworks’ and ‘policy documents’ – these are great in principle, perhaps if your business is working towards its next ISO rating, but meaningless to the average employee.

With IoT constantly evolving and BYOD fairly widely employed, frameworks and policies can quickly become outdated and difficult to implement effectively. It’s everyone’s responsibility to know what to do when they encounter a cyber-threat. Whether it’s a simple phishing email or something more sophisticated, such as denial-of-service or network intrusion, employees should be aware of the steps they need to take to prevent the spread of a cyberattack.

Additionally, all employees should be sufficiently trained in basic cyber skills as well as how to respond to an event if it were to occur.

2. Personal Responsibility

Make sure everyone is accountable: it is paramount that no one in the structure of your organisation can plausibly deny their responsibility for identifying and responding to a cybersecurity incident.

3. Training

Incorporate training at the grass-roots level. Maersk is a Danish company. In Danish, safety and security are the same word; they apply the same mindset and importance to cybersecurity as we do to health and safety.

4. The Response Phase

There should be a process of fast-track/immediate actions, triage and the golden hour principle, phrases that are more aligned with today’s law enforcement agencies than the InfoSec community.

5. Communication

Communication is a key part of the response – what happens if your infrastructure is affected? Business telephony systems rely heavily on VoIP. Does your business have a contingency plan for communicating while remaining secure?

Any company’s response should be multi-faceted: not limited to eradicating the threat, but also including the lessons learnt to prevent a similar occurrence in the future. Powell talks about employing post-attack solutions such as endpoint detection and response, privileged access management, and a threat intelligence platform.

Cybersecurity should be at the core of everyday business. As such, every employee should be trained on cybersecurity, including what to do in a cybersecurity crisis.

 
