Connected threat: Minimising cyber risks

The ransomware attack in May on thousands of private and public sector organisations across the world, including the NHS, prompted an investigation by the National Audit Office into the roles and responsibilities of key stakeholders.

Nick Hawkins examines the steps that can be taken to limit the fallout from a cyber breach and how crisis communications technology can help improve the disaster recovery process.

May 12 saw the NHS undergo a crippling cyber attack. Hackers targeted the backbone of the NHS, tapping into computers, telephone lines, MRI scanners, blood-storage refrigerators and theatre equipment. Surgeons were forced to use their mobile phones for communication while critical information, such as X-ray imaging, was moved around the hospital on CDs.

The NHS – and just as critically the emergency services – are becoming increasingly reliant on machines that are connected to the internet.

Only recently, Durham Constabulary Chief Constable Mike Barton, national policing lead for crime, told the Crime Reporters Association that devices connected to the internet were a “back door into your network” and should carry cyber security ratings.

While firewall renewal dates for PCs are logged, it is easy to forget when a portfolio of internet-enabled devices needs updating for security. With the internet of things (IoT) expected to consist of millions of new connected devices in the future, this issue will become more critical.

In the event of an emergency, effective communication is critical. When IT systems go down, emergency services and organisations need to be able to communicate with their staff – and partner agencies – and coordinate an effective response. The longer this process takes, the bigger the impact.

To limit the damage of a cyber attack, the following questions need to be considered.

First, what is your response plan? Cyber attacks often happen out of ‘office’ hours. An IT incident response plan should be in place to combat an attack even if it happens at 5am. An efficient response plan will include methods of communication for specific stakeholders.

Secondly, how can you prepare communications in your response plan? For example:

Assess – what is happening and the severity and impact of the incident;

Locate – who is in harm’s way and who can help and identify resolvers, impacted personnel and key stakeholders;

Act – which team members need to act and what do they need to do;

Analyse – what have you done before, what worked and how can communications be improved; and

Communicate and collaborate – notify employees on what action to take and keep partners informed.

Thirdly, what are the threats your organisation could face?

You need to understand the type of threat and the impact it could have. For example, could it result in loss of services or, more critically in the case of the emergency services, data? The solution will differ depending on the threat.

Finally, who is essential for your IT incident response plan?

?If an organisation does not have a dedicated security team, staff must be assigned to deal with a security crisis when it occurs. There should be an ‘incident team’ to coordinate the response.

Also, decide who should be contacted following a breach and determine how are you going to ‘reach’ them. Multiple communication methods can be affected by a cyber attack:

•If your phone and voice mail system is VOIP (voice over internet protocol)-based, you may lose your service;

•If your website is hosted in-house, it may go down; and

•If the core network is compromised, every computer becomes a standalone machine with no access to in-house data.

Critical communication platforms can be used to ensure you are still able to communicate while multiple communication methods are affected.

No organisation is completely immune to the threat of cyber attack. It is vital that crisis management plans are in place to ensure that ‘business-as-usual’ practice returns as quickly as possible, with minimal im