Humanising cybercrime: The ABCs of cyberthreat responses
October 18, 2022
Michala Hart, Director, Security UK & Enterprise, BT
A data breach can cost a UK business more than £2.8 million. Falling victim to cyber-crime is not only a crippling financial hit, but also an exposure of partner and customer data.
The criminal scene is evolving as quickly as the technology it exploits, and those with their ears to the ground have noted a marked shift in cyber-trends. It is no longer only high-profile brands that fall victim, but businesses of all sizes across all sectors. Digital transformation is a good place to begin, but it is time to challenge attitudes towards cyber-crime and to educate both leaders and employees on the importance of bolstering defences.
Businesses must take a more holistic view of the impact of cyber-crime. Although it might feel like an ‘online’ issue, the damage to the everyday livelihoods of individuals is felt by everyone, from those directly involved in rolling out a cyber-threat response to the employees, customers and partners whose data has been taken.
It is imperative that businesses have a response plan in place to protect their data, the organisation itself, and the people at the heart of the business who are responsible for carrying out the response. Recovery can take more than 12 months, but the human impact, from professional or reputational damage to the toll an attack takes on mental health, can last a lifetime.
It's hard to know where to begin when it comes to deploying a cyber-threat response, which is why we have outlined the key measures you need in place and useful resources for damage control and helping to mitigate the risk of irreversible damage to your business, partners and customers.
Once a business falls victim to a cyber-attack, every second counts. A cyber-threat is an instant stressor and takes an emotional toll on workers, which can lead to poor decision-making and dire consequences.
As a first port of call, leadership needs to assess the impact on the business and form a response plan. Dealing with a threat requires a team, but too many cooks can spoil the broth: it is crucial that everyone is clear on roles and responsibilities and on who will decide what to do next. For those less well versed in the space, identifying the threat and the right response may require more specialised insight. With that in mind, businesses should familiarise themselves with the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF). The CAF provides a systematic approach to assessing the extent to which cyber-risks to essential functions are being managed by the organisation responsible for them.
Similarly, organisations can cut through the jargon by partnering with a cyber-security provider armed with the latest tools and software services for clamping down on threats.
B: Business resilience
Though you may think your business has nothing worth stealing, cyber-breaches can still cause damage, ranging from temporary loss of access to files and networks, corrupted software and online service delays, to permanent loss of files, stolen money or data.
The impact of ransomware and DDoS (distributed denial-of-service) attacks can stop businesses from functioning commercially, engaging and digitally transacting with customers and the systems they depend upon.
Your business’ cyber-resilience requires adopting a culture of awareness and the ability to respond to and recover from attacks. Rather than seeking a ‘cure’, all businesses should adopt preventative measures. A good cyber-resilience strategy must focus on prevention, risk management, response and recovery.
When compiling an action plan, SMEs and larger organisations alike must ask themselves:
1. What is your business resilience plan?
2. What is your business continuity plan?
3. How are you going to keep running?
Cyber-threats have a very human impact, and it is important to communicate and educate workers about the severity of an attack on the individual, on the targeted organisation and beyond. The range and frequency of attacks on businesses complicate employee training. Team members must remain vigilant about the variety of threats that prey on both technological vulnerabilities in the business and psychological vulnerabilities in its staff.
Organisations must undergo a cultural shift to change attitudes towards cyber-security and employee behaviour. More must be done to engage workers in training that is widely perceived as ‘boring’, and to emphasise each employee’s personal role in keeping the business secure.
When reacting to an attack, there must be a set plan in place for streamlining internal communication between the team dealing with the attack and the wider organisation. Businesses need to ensure response teams are aware of who exactly they need to report the attack to and what the reporting obligations are if customer data is at risk.
Businesses also need to prepare the teams that handle external communication, training them to inform key stakeholders, customers and the wider supply chain; a distressing task for those in the firing line.
Similarly, a crisis comms strategy must be implemented. Leadership should consider the value of engaging the press (either proactively or reactively) in response to an attack to spread awareness among customers, versus the effects of press exposure and the reputational damage that can come with it.
Failing to prepare is preparing to fail. However, having an action plan and response strategy in place can provide a buffer and help to protect those affected by an unexpected attack.