Preparation is Key to Putting Out the Fire of Targeted Attacks

by Ross Dyer

Another week, another attempt to quantify the staggering losses that can result from a major cyber attack. This time, it was accounting giant Grant Thornton International which noted that one in six businesses have been hit over the past year, at a potential total cost of over £200 billion. The firm surveyed 2,500 business leaders in 35 economies, so the results likely to be more accurate than most. However, with data breach reporting still only compulsory in the US, that figure could still represent just the tip of the iceberg.

What is clear, is that targeted threats are amongst the most expensive and potentially devastating cyber incursions an organisation can experience. Our new research revealed at CLOUDSEC last week, puts the average cost at around £172,000 for UK firms. But it also reveals that there are things that every firm can do to reduce the financial and reputation impact of such an attack.

Spot them quickly
We all know why targeted attacks can have such a serious impact on an organisation’s bottom line. They most commonly begin with a spearphishing email, designed to trick the recipient into opening an attachment or clicking on a malicious link, and thus beginning a covert malware install. Said malware will often be crafted to exploit specific known vulnerabilities whilst avoiding traditional security tools. Communication with the C&C infrastructure and ongoing lateral movement/privilege escalation inside the target network is obfuscated by a range of increasingly common tools and techniques.

All of which means your average organisation is not going to find out about an attack until weeks, months or even years after it has begun. That’s not good news, especially when the general rule of thumb is that the quicker you catch an attack, the less costly it is and the lower the risk of your most sensitive data being stolen. Those who fail are exposed to clean-up and remediation costs; regulatory fines; legal fees; and damage to reputation leading to lost customers and falling share prices.

Get started now
But it’s not all doom and gloom. In fact, a new Trend Micro report conducted by Quocirca has found that UK firms put the average estimated cost of a cyber attack at £172,000 – far lower than the European average of £243,000. The key is preparation. We found that a majority of UK firms (51%) recognise the importance of a breach response plan, as opposed to a region-wide average of just 38%. It’s vital to have this in place so that IT, HR, legal, operations and every key stakeholder across the business knows exactly what to do in the event the worst happens.

It can improve response times so that law enforcement and forensics investigators are brought in ASAP to begin to work out what happened. A professional, co-ordinated response can also help to reassure affected customers and shareholders that the firm is on top of things and that it is doing everything it can to ensure a speedy resolution.

A related quick win for IT security managers is to run regular “cyber fire drills”. This is a kind of readiness test to see how prepared staff and systems are to cope with the discovery of a major cyber attack. You might already be sending staff on cyber training programs and paying for external pen testing of your systems. But these crucial components need to be brought together in a “live fire” exercise if you’re to reap the full benefits.

No organisation can 100% defend themselves from determined targeted attackers, but by taking a step back to think more holistically about how best to prepare for and respond to such attacks, we can do a much better job of mitigating their effects.

Leave a Reply

Your email address will not be published. Required fields are marked *