SMEs and proactive incident responses

Cybersecurity is becoming ever more important. Every day organisations across the world are facing potential disorder through cyberattacks, such as ransomware, and stories of large businesses experiencing data breaches are frequently being reported.

No organisation or business is safe; this year has already seen a number of British universities being the victim of cyberattacks.

Dr Haider al-Khateeb, Deputy Director of the Wolverhampton Cyber Research Institute at The University of Wolverhampton, has written the following blog post on proactive incident response (IR); a process to manage disruptive cyber events.

Proactive incident response

Incident response (IR) is a process to manage disruptive cyber events. It includes several incident handling techniques and phases to help businesses detect, analyse, contain, eradicate, and recover from various types of cyber events.

Cyber events refer to incidents ranging from computer malfunction and defaced websites to exceptionally disruptive Denial of Service (DoS) attacks such as ransomware. Additionally, the National Centre for Cyber Security (NCSC) in the UK includes accidental incidents such as damage from fire or flood in the definition of ‘incident’.

Therefore, preparing for IR is also planning for business continuity, a vital requirement for all organisations.

However, deploying incident handling techniques following a cyber-attack or data breach is not straight forward and can be challenging to businesses. The process requires technical consultancy to support each phase in the IR plan. For example, to produce bespoke policies, response procedures, communication protocols, training, IR team, and the right toolkit. These requirements are typically tailored based on several factors including business functions, priorities, infrastructure, and budget.

When should an IR plan be developed?

As soon as the business is formed to engage with stakeholders in the supply chain.

For a small business, it is expected that (at least) a basic IR plan is in place. A basic plan includes key contacts, escalation criteria, basic incident life cycle (can be a flowchart) supported by guidance on legal and regulatory requirements.

Eventually, a more comprehensive plan for proactive incident response will be needed to support business continuity.

Is my IR plan good?

Other useful questions to ask include, but not limited to:

• Is your IR plan reactive or proactive?
• How do you utilise Cyber Threat Intelligence (CTI)?
• Do you have a post-incident activity within your plan?

IR as a term is reactive, so it is no wonder that a proactive approach to incident response is a foreign concept to many businesses.

However, it is very critical to understand that while disruptive technologies (such as cloud computing, virtualisation, IoT, and AI-powered software) introduce business opportunities, they inevitably continue to proliferate the threat landscape in our fragile cyber ecosystem. For example, consider the systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality.

The myriad of sensors could increase data collection capabilities for businesses to facilitate process automation aided by artificial intelligence (AI) but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail ^[1].

As such, recent headlines from the news include “home working increases cyber-security fears”; “hackers threaten to leak plastic surgery pictures”; and a hacking campaign compromising the infrastructure of SolarWinds, as a result, UK security analysts are trying to determine the impact of this hacking campaign on the UK.

These are a few of many examples to show that proactive cyber defence is needed to move your plan towards next-generation incident response planning. This would typically include:

• Cyber Threat Intelligence (CTI) for proactive IR: using an intelligence-led approach to optimise your incident response planning
• Adaptive response: the ability to respond in a timely and appropriate manner.
• Analytic monitoring: monitor and detect adverse actions and conditions in a timely and actionable manner.
• Trustworthiness: immutability, transparency, traceability, and integrity ^[2].

What is the impact of Industry 4.0 on IR planning? 

Have you thought about the impact of the Fourth Industrial Revolution (or Industry 4.0) on your business? It is the ongoing automation of traditional manufacturing and industrial practices, using modern smart technology. It is also highly associated with large-scale communications within Smart Cities.

We actively research emerging challenges and have recently published new findings to help businesses understand how the state-of-the-art is emerging when it comes to cyber resilience and incident response aspects of cyber-physical systems (CPSs) in smart cities ^[3].

The full report can be accessed free of charge on the following link: https://doi.org/10.3390/smartcities3030046

How can we help?

Cyber Quarter – Midlands Centre for Cyber Security provides a single hub for cyber security needs for small or large business and is backed by the expert academic team from the Wolverhampton Cyber Research Institute. Funded support is available for SME businesses facing emerging cyber security challenges, such as developing a next-generation IR Plan. The Centre also provides world leading testing facilities for businesses to test their smart technology and infrastructure.

Please email us at cyberqtr@wlv.ac.uk or visit our website for more information: www.cyberquarter.co.uk

References

[1] https://doi.org/10.1109/ICGS3.2019.8688297

[2] https://doi.org/10.1109/TEM.2021.3053655

[3] https://doi.org/10.3390/smartcities3030046