Cybersecurity expert Stan Gallo says he doesn’t expect that SMBs in the thick of cybersecurity incidents are running around shrilling they have no idea what to do, but he says he does often see businesses that could react better. Some shut their systems off immediately or take other initial steps that are not necessarily ideal for their interests.
“Preparedness is better than panic,” says Gallo. “I think being prepared is not about being an IT guru. I think that’s a mistake that a lot of business people make.
“Many think they need to understand everything but all they really need to ask is, ‘In the event of an incident, do I have a robust incident response (IR) plan to follow and where do I go for advice and assistance?’ And then take advice around those next steps.”
Your first responders’ support in the event of a cyber Incident
Gallo, National Leader of KPMG Forensic Technology, which includes Cyber Incident Response Services, says his team regularly responds to a range of different incidents in any given week, with the nature of the response dependent on the extent of the clients’ problems.
They work with businesses to understand the nature of the attack and they get across the IT environment very quickly to concurrently return the business to normal operations and take steps to preserve potential evidence indicating what has happened.
“Incident response analysis is not in the standard skill set of typical IT support people – as in the local IT supplier or indeed some network and application providers,” says Gallo. “Security specialists have a different skill set.”
KPMG’s Cyber Response Services can provide you with a range of support services such as an Incident Response Maturity Assessment, 24-hour Incident Response Assistance, Cyber Incident Crisis Management and Post-Breach Review.
Key steps for SMBs to take in response to a cyber Incident
The Australian Norton SMB Cyber Security Survey 2017 states that one in four SMBs experienced a cyber attack in 2017.
According to Gallo, he’s seeing a rise in the number of incidents his team responds to daily, weekly and monthly too.
The Department of Industry, Innovation and Science states businesses can respond to a cyber attack with the following basic steps in mind:
- Identify affected systems.
- If needed, switch off from the network and turn off your computer to contain the spread of the threat.
- Fix the problem by removing the threat.
- Repair and restore your systems to resume business as usual.
Gallo says some small businesses will have a generic IR plan that might outline who to call and the first steps to take but effective cyber incident responses inevitably need to be tailored to both the nature of the incident and the type of business systems affected. “You quickly need to move to a more detailed focus that relates to your specific environment, because no two environments are the same.”
Cyber insurance for further peace of mind
2017 Australian report Cyber Aware cites figures indicating four out of every five SMEs understand their business’s susceptibility to cybercrime is increasing.
Even with the protection and support available through a service like KPMG’s Cyber Incident Response Services, there’s also peace of mind in considering a cyber insurance policy with a quality provider.
The old adage about hoping for the best but preparing for the worst is applicable here. Gallo points out that, if your business is cyber attacked, remediation costs can be significant.
Your SMB can potentially pay a lot for legal advice around regulatory obligations, activating the cyber response team, data recovery itself, new equipment and repairs to your damaged reputation.
“Potentially, particularly for smaller businesses without adequate protection, it can drive them to bankruptcy.
“So, it’s having the appropriate protection framework, including insurance…. That’s where the return on investment is.”
Prevention is the best form of protection. Find out more about how to protect your business from cybersecurity threats.