Prepare for attack


The NHS was harmed by a national cyber-attack on May 12. Hackers used malware to attack the NHS’ Windows XP systems, writes Nick Hawkins, Managing Director EMEA at Everbridge, a mass notification and critical communications product firm.

Some reports state 90pc of NHS trusts run at least one Windows XP machine, and the NHS is becoming increasingly reliant on machines that have internet access.

Hackers affected the backbone of the NHS, tapping into computers, telephone lines, MRI scanners, blood-storage refrigerators and theatre equipment. Surgeons had to use mobile phones to communicate, and critical information such as x-ray imaging was moved around on CDs.

During emergencies, effective communication is crucial. When IT systems go down, an organisation needs to be able to communicate with its employees and co-ordinate an effective response. The longer this process takes, the bigger the impact.

Simply remembering firewall renewal dates is easy. However, it becomes increasingly complex when a whole portfolio of internet-enabled devices needs security updates. This issue will become more critical as the internet of things (IoT) is expected to grow to millions of new connected devices.

Businesses should consider the following points to reduce the damage of a cyber-attack:
• An effective response plan
Cyber-attacks often happen out of office hours. An IT incident response plan should be in place to combat an attack even if it happens at 5am. An efficient response plan will include methods of communication for specific stakeholders.
• Your IT response plan
➢ Incident Team: who is going to co-ordinate the response? Who should be contacted following a breach and how are you going to reach them? Define an escalation point.
➢ IT Security: the team most likely to fix the issue. If an organisation does not have a dedicated security team, employees should be assigned to deal with a security crisis when it occurs.
➢ Legal counsel: if, for example, customer credit card details are stolen, legal support may be necessary.
• How to prepare communications
➢ Assess: What is happening? What is the impact? Determine the likelihood, severity, and impact of the incident.
➢ Locate: Who is in harm’s way? Who can help? Identify resolvers, impacted personnel, and key stakeholders.
➢ Act: Which team members need to act? What do they need to do?
➢ Analyse: What have we done before? What worked? How can we improve communications?
➢ Communicate and collaborate: What should employees do? Notify employees on what action to take and keep stakeholders informed.
• The key threats
➢ You should understand the type of threat the organisation could experience and the impact it could have. For example, it could result in loss of services or data. The solution will differ depending on the threat.

Identify channels of communication:
• Conference bridges: using toll-free conference bridges for employee, vendor, senior management and other key stakeholder phone calls.
• Employee information: pushing information to employees about the company status and messaging.
• Stakeholder groups: using pre-defined groups that have been created for key stakeholders to push information via phone, text or email.

The communication methods a cyber-attack can affect:
• If your company website is hosted in-house, it may go down.
• If your phone and voice mail system is VOIP-based, you may lose your company phone system.
• If the core network is compromised, every computer becomes a standalone machine with no access to company records. Human resources information, employee contact information, vendor lists, or other key phone lists may be inaccessible.

No business or organisation is completely immune to the threat of a cyber-attack. It is vital that crisis management plans are in place to ensure that business-as-usual practice returns as quickly as possible, with minimal impact.

Critical communications platforms

Central to the success of critical communications platforms are two key functions. The first is the capability to deliver messages using a variety of different methods – this is known as multi-modal communications. No communications channel can ever be 100% reliable 100% of the time, so multi-modality transforms the speed at which people receive the message. Multi-modality facilitates communication via multiple communication devices and contact paths including email, SMS, VoIP calls, social media alerts and mobile app notifications, amongst many others.

Multi-modality ensures that it is easier to receive a message. Two-way communication makes it simpler to confirm a response. For instance, if a cyber-attack compromises an e-retailer’s website, every second costs the business money. An IT engineer must be located and available to help as fast as possible. Two-way communication enables the business to send an alert to the IT team, giving them the option to reply with “available and onsite”, “available and offsite” or “not available”.

The time and effect of cyber-attacks may be extremely difficult to decipher; however, the ability to respond and limit damage can be significantly improved by implementing a coordinated communications strategy. In today’s connected environment cyber-attacks are an inevitable threat; businesses should move away from a sole focus on prevention and consider their ability to respond and limit damage post-attack.