For years, the IT department has been the go-to resource for all kinds of problems. But you might be wondering how it can help when a cyberattack hits.
When a cybercriminal attacks a business, the IT and security departments have to respond together, quickly and effectively.
So how does that happen? Just like anything else, “it depends,” said Ed Amoroso, CEO of TAG Cyber, a cybersecurity research and advisory company, and an NYU professor. It depends on the institution, how the IT and security departments operate together, and how much planning has been done in advance.
“Cybersecurity is among the hardest aspects of running a business,” he said. While he said no kind of planning can prevent every cybersecurity incident, planning can help mitigate the outcomes.
Rather than trying to figure out what the IT department does during a cybersecurity incident only once one is under way, walking through potential scenarios, or even a simulated attack, in advance can make sure that the security and IT departments work together if the worst occurs.
It Depends
Who does what in the event of a cyberattack is specified by each institution and by the weight of the roles IT and security play, said Amoroso.
In smaller companies, IT and security teams might be so closely tied that they share the same budget. In such cases, a small team can work as one department because that’s essentially how they’ve worked previously.
For critical operations, like branches of government and industrial and critical infrastructure, a security team normally sets policy but doesn’t participate in the response.
With government agencies, the concerned department sets policy and gets only lightly involved in the operation. “By offering policy and training, but in case of an attack, it’s hardly in there doing clean up and fix,” Amoroso said.
This is normal because these organizations are so specialized. “In case of a disaster in a company that manages nuclear power, you need people who have experience with the equipment and won’t press the wrong button,” he said.
“It’s almost 50-50 in terms of whether the IT team or security team controls that task: the management of identities, the registration, the onboarding, the administration governance,” he said. That’s where things, and who does what during a response, can get muddled.
Secure the Backups
While IT’s role depends on the organization, most likely the team will be responsible for the data backups, assuming they exist.
“While the incident response crew is concentrated on the attacked area, IT has to start looking at backups instantly and check if they have them, and if that is the case, have they been deleted,” said Jerry Bessette, senior vice president and lead of Booz Allen Hamilton’s Cyber Incident Response Program.
IT also has to locate offsite backups and check that they haven’t been infected.
Technology leaders can then identify which portions of the network haven’t been attacked and help with “restoring data and getting the activities back to the last good state backup that you think is clean,” he said.
Unwinding the extent and scope of an attack always involves reconciling logs, something IT and security can prepare for together before an attack.
Christina Barker, practice head of NCC Group’s North American Cyber Incident Response Team, has worked with clients where the “security team is logging some very particular security logs but they don’t realize their database squad or systems administration team has rich information in their logging,” she said. “The more you can scrutinize and the more you can aggregate, the better chance you’ll be able to see it coming.”
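The backup checks described above (do the backups exist, have they been altered since they were taken, and which one is the last clean state to restore from) can be scripted against a backup catalogue. The following is an added example written for this article, not code from any of the people or companies quoted; the catalogue entries, the digests, and the estimated start of the intrusion are all constructed, and a real catalogue would hold paths and digests rather than in-memory payloads.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, Optional


@dataclass
class Snapshot:
    """One entry in a hypothetical backup catalogue."""
    name: str
    taken_at: datetime       # when the backup was written
    expected_sha256: str     # digest recorded in the catalogue at backup time
    content: bytes           # the backup payload (kept in memory for this example)
    offsite: bool            # True if a copy exists outside the attacked network


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_snapshot(name: str, taken_at: datetime, content: bytes,
                  offsite: bool, tamper: bool = False) -> Snapshot:
    """Build a constructed catalogue entry. With tamper=True the payload is
    altered after its digest was recorded, simulating a backup that was
    modified or encrypted after the fact."""
    digest = sha256_hex(content)
    if tamper:
        content = content + b"\x00"
    return Snapshot(name, taken_at, digest, content, offsite)


def is_intact(snap: Snapshot) -> bool:
    """A backup is trustworthy only if its current digest still matches the
    digest recorded when it was taken."""
    return sha256_hex(snap.content) == snap.expected_sha256


def last_known_good(snapshots: Iterable[Snapshot],
                    compromise_start: datetime) -> Optional[Snapshot]:
    """Newest snapshot that predates the estimated start of the intrusion,
    still verifies, and has an offsite copy. None if nothing qualifies."""
    candidates = [s for s in snapshots
                  if s.taken_at < compromise_start and s.offsite and is_intact(s)]
    return max(candidates, key=lambda s: s.taken_at, default=None)


def _utc(day: int, hour: int = 2) -> datetime:
    return datetime(2023, 3, day, hour, tzinfo=timezone.utc)


# Constructed sample catalogue (not real data).
CATALOGUE = [
    make_snapshot("full-2023-03-01", _utc(1), b"db dump v1", offsite=True),
    make_snapshot("full-2023-03-05", _utc(5), b"db dump v2", offsite=True, tamper=True),
    make_snapshot("full-2023-03-08", _utc(8), b"db dump v3", offsite=False),
    make_snapshot("full-2023-03-12", _utc(12), b"db dump v4", offsite=True),
]
# Assumed estimate from the responders of when the intrusion began.
COMPROMISE_START = _utc(10, 0)


def triage(snapshots=CATALOGUE, compromise_start=COMPROMISE_START) -> dict:
    """Summarise the catalogue for the incident call: what still verifies,
    what has been tampered with, and which snapshot to restore from."""
    good = last_known_good(snapshots, compromise_start)
    return {
        "intact": [s.name for s in snapshots if is_intact(s)],
        "tampered": [s.name for s in snapshots if not is_intact(s)],
        "restore_candidate": good.name if good else None,
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The three filters in `last_known_good` mirror the three questions in the text: the 03-05 snapshot fails its digest check, the 03-08 snapshot has no offsite copy, and the 03-12 snapshot was taken after the intrusion is believed to have started, so the 03-01 snapshot is the restore candidate.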
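Barker’s point that the security team’s logs and the database team’s logs each tell only part of the story is easiest to see with a merged timeline. The following is an added example written for this article, not code from NCC Group or anyone quoted: the sshd lines and the database query-log lines are constructed, the log formats are simplified, and the detection rule (repeated failed logins, then a success, then a bulk export by the same user within fifteen minutes) is an illustrative assumption rather than a rule the page states.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample log lines (not real data). The auth log is what the
# security team already collects; the database query log is the "rich
# information" held by the database or sysadmin team.
AUTH_LOG = """\
2023-03-10T01:58:02Z db01 sshd[4121]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2023-03-10T01:58:09Z db01 sshd[4121]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2023-03-10T01:58:15Z db01 sshd[4121]: Accepted password for admin from 203.0.113.7 port 51022 ssh2
2023-03-10T02:30:40Z app02 sshd[900]: Accepted publickey for deploy from 10.0.0.5 port 40012 ssh2
"""

DB_LOG = """\
2023-03-10 02:03:11 db01 [admin] Query SELECT * FROM customers
2023-03-10 02:03:40 db01 [admin] Query SELECT * FROM customers INTO OUTFILE '/tmp/c.csv'
2023-03-10 02:31:05 app02 [app] Query SELECT id FROM sessions WHERE id = 42
"""

AUTH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Accepted|Failed) \w+ for (\S+) from (\S+)")
DB_RE = re.compile(r"^(\S+ \S+) (\S+) \[(\S+)\] Query (.*)$")

Event = Dict[str, object]


def parse_auth(text: str) -> List[Event]:
    """Normalise sshd lines into events with a common schema."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, host, outcome, user, src = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "user": user, "source": "auth",
            "kind": "login_" + outcome.lower(), "detail": src,
        })
    return events


def parse_db(text: str) -> List[Event]:
    """Normalise query-log lines; SELECT ... INTO OUTFILE is tagged as a bulk export."""
    events = []
    for line in text.splitlines():
        m = DB_RE.match(line)
        if not m:
            continue
        ts, host, user, query = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "host": host, "user": user, "source": "db",
            "kind": "bulk_export" if "INTO OUTFILE" in query.upper() else "query",
            "detail": query,
        })
    return events


def build_timeline(*event_lists: List[Event]) -> List[Event]:
    """Merge events from every team's source into one time-ordered view."""
    return sorted((e for lst in event_lists for e in lst), key=lambda e: e["ts"])


def find_suspicious(timeline: List[Event], window: timedelta = timedelta(minutes=15),
                    min_failures: int = 2) -> List[Event]:
    """Flag a login that follows repeated failures for the same user on the
    same host and is followed, within `window`, by a bulk export by that user.
    Neither source shows this on its own; only the merged timeline does."""
    findings = []
    for i, ev in enumerate(timeline):
        if ev["kind"] != "login_accepted":
            continue

        def same(e: Event) -> bool:
            return e["host"] == ev["host"] and e["user"] == ev["user"]

        failures = [e for e in timeline[:i]
                    if same(e) and e["kind"] == "login_failed" and ev["ts"] - e["ts"] <= window]
        exports = [e for e in timeline[i + 1:]
                   if same(e) and e["kind"] == "bulk_export" and e["ts"] - ev["ts"] <= window]
        if len(failures) >= min_failures and exports:
            findings.append({"host": ev["host"], "user": ev["user"], "src": ev["detail"],
                             "login_at": ev["ts"], "export_at": exports[0]["ts"]})
    return findings


if __name__ == "__main__":
    tl = build_timeline(parse_auth(AUTH_LOG), parse_db(DB_LOG))
    for f in find_suspicious(tl):
        print(f"{f['host']}: {f['user']} from {f['src']} logged in at {f['login_at']}, "
              f"bulk export at {f['export_at']}")
```

Run against the auth log alone, the rule finds nothing, because the export only appears in the database team’s log; that gap is exactly what agreeing on shared log collection before an incident closes.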
Put Someone Else in Charge to Defuse Tension
IT and cybersecurity may snipe at each other during an attack. It’s a tense situation, and the fallout could cost not just millions of dollars in losses but a CIO and/or CISO their jobs.
This should be treated as a corporate crisis by the entire enterprise and, depending on the size of the organization, that means the response should be part of “overall crisis management coordination,” Bessette said.
Instead of just letting the security team run with it, “you need an overarching crisis management team that’s coordinating all the workstreams,” he said.
Insurance companies typically provide incident response plans, but organizations should put in the time to create customized plans instead, outlining the roles of everyone, including IT and cybersecurity, and who is going to resolve disputes between the two.
Prepare for Communication During an Attack
The best way to cut down on both the timeline and cost of a cybersecurity attack is to prepare before it even happens, said Barker.
“One of the biggest things we recommend is preparation,” she said. “In case something happens, [IT and security are] already working well together. They already have that communication channel set up. They know what each team needs to be successful.”
Instead of just saying who will do what, she recommends tabletop exercises so “it’s not just talking about how they’re going to do it but also practicing that communication channel.”
If an enterprise hasn’t done a tabletop exercise while employees are working remotely, it’s worth doing one while the workforce is scattered, even if plans call for most people to be back in the office sometime this year.
“A lot of time these incidents don’t happen between the hours of eight and five. They’re usually on a weekend. Most likely people are going to be communicated in that kind of [remote] way,” she said.
Cyberattack FAQs
Here are some commonly asked questions about cyberattacks:
What do you do during a cyberattack?
During a cyberattack, take the following steps:
- Check your credit card and bank statements for unrecognizable charges.
- Check your credit reports for any new accounts or loans you didn’t open.
- Be alert for emails and social media users that ask for private information.
- If you notice strange activity, limit the damage by changing all of your internet account passwords immediately.
- Consider turning off the device that has been affected. Take it to a professional to scan for potential viruses and remove any that they find. Remember: A company will not call you and ask for control of your computer to fix it. This is a common scam.
- Let work, school, or other system owners know what happened.
- Run a security scan on your device to make sure your system is not infected or acting more slowly or inefficiently.
- If you find a problem, disconnect your device from the Internet and perform a full system restore.
What is the best defense against cyberattacks?
Based on Cialdini’s principles, we recommend the following six strategies to fortify the human firewall against the deceptive techniques of criminals and foster a security-aware organizational culture.
- Ask employees to sign a security policy.
Demonstrating commitment, such as signing a code of ethics, makes people more likely to follow through and leads to greater cognitive and behavioral adherence to codes of conduct. These policies are written commitments that state an employee will, for instance, treat all sensitive corporate information (e.g., customer and contractual data) confidentially, act in the best interest of the organization during on- and offline activities, and report suspicious incidents immediately to the respective internal point of contact. Employees also acknowledge that they will not disclose any sensitive corporate information to any external parties.
- Lead by example.
In uncertain circumstances, people look around them for cues on how to think and act. On the one hand, this behavior can be framed as conformity, but on the other, it can be seen as a way to help people reach a common understanding of correct or normative behavior. Looking to others for cues helps to reduce uncertainty, especially when those others are in respected social positions.
Senior leaders, therefore, should lead by example and promote best-practice behavior.
For example, they should emphasize the importance of security behaviors like not leaving one’s PC unlocked, not holding open doors at the company site to people without verifying their legitimacy, and not exposing company documents, be they physical or digital, in public spaces.
- Elicit reciprocity.
There is a pervasive social norm that says if someone gives us something, we feel obliged to return the favor. This urge tends to hold even if the initial gift was not requested, or even if what is requested in return is far more valuable than what was originally given. The norm of reciprocity is important because often the returned favor is given unconsciously.
Senior leaders should be aware of this powerful influence technique and use it to strengthen a security-aware culture in the organization. Taking steps to secure employees’ data or identity, like providing them with secure and encrypted flash drives or with a customizable digital photo frame that displays security reminders, can be meaningful first steps to elicit reciprocity.
- Leverage scarcity.
People find objects and opportunities more attractive if they are scarce or hard to get. Senior leaders can make use of this psychological inclination when highlighting the organization’s unusual and exemplary security accreditations, like certified information security processes (e.g., ISO 27001), that stand to be endangered by a security breach.
By doing so, and by unequivocally conveying to the workforce both the organization’s appeal as a great place to work, owing to its security culture, and what would be at risk were its security to be jeopardized (i.e., what one could potentially lose), senior leaders will strengthen employees’ commitment to the security culture.
What support can you give to prevent internal and external threats?
Training, technology, and transparency are the keys to a strong strategy against insider threats, according to Payne. Extensive training to make sure employees comprehend what they can and cannot do with workplace data is essential, especially as the use of cloud-based collaboration tools increases.
Why do cyberattacks happen?
Cybercriminals look for financial gain through money theft, data theft, or business disruption. Likewise, the personally motivated, such as disgruntled current or former employees, will take money, data, or simply the chance to disrupt a company’s systems.
What are cyber technical vulnerabilities?
A network’s technical vulnerabilities are those configurations that a cybercriminal can exploit to gain unauthorized access to, or misuse, your network and its resources. Network vulnerabilities are sometimes called security holes, and they should be identified as part of the policy development process. These vulnerabilities can be caused by the programming or configuration of the operating system, a protocol or service, or an application. They include:
- Operating system code that allows hackers to crash a computer by accessing a file whose path contains certain reserved words
- Unnecessary open TCP/UDP ports that hackers can use to get into or obtain information about the system
- A web browser’s handling of JavaScript that allows malicious code to execute unwanted commands
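The second item, unnecessary open ports, is the one a defender can inventory directly. The following is an added example for this article, not code from the page’s sources: it parses the layout of Linux’s `/proc/net/tcp` (the column format is real; the sample rows are constructed), decodes the hex addresses, and reports listening sockets that are bound beyond loopback and are not on an allowlist the administrator maintains. The IPv4 decoding assumes a little-endian host, which is what the kernel’s hex output reflects on x86 machines.

```python
import socket
import struct
from typing import Dict, List, Set

# Constructed sample in the layout of Linux's /proc/net/tcp. Addresses are hex
# in host byte order; state 0A is LISTEN, 01 is ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:C0B4 0B00000A:0016 01 00000000:00000000 02:000A1B2C 00000000  1000        0 12348 1 0000000000000000 20 4 30 10 -1
"""

LISTEN = "0A"


def decode_addr(hex_addr: str):
    """Turn '0100007F:0CEA' into ('127.0.0.1', 3306).
    The IPv4 word is in host byte order, so it is unpacked little-endian (x86)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[Dict[str, object]]:
    """Return one record per socket row: local ip, local port, and state code."""
    sockets = []
    for line in text.splitlines()[1:]:   # the first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, port = decode_addr(fields[1])
        sockets.append({"ip": ip, "port": port, "state": fields[3]})
    return sockets


def audit_listeners(sockets, allowlist: Set[int]) -> List[Dict[str, object]]:
    """Listening sockets bound beyond loopback whose port is not on the allowlist.
    Loopback-only listeners are skipped because they are not reachable from the network."""
    return [s for s in sockets
            if s["state"] == LISTEN
            and not s["ip"].startswith("127.")
            and s["port"] not in allowlist]


def audit_live(allowlist: Set[int], path: str = "/proc/net/tcp"):
    """Run the same check against the running host (Linux only)."""
    with open(path) as fh:
        return audit_listeners(parse_proc_net_tcp(fh.read()), allowlist)


if __name__ == "__main__":
    # Assumed allowlist for the sample host: only SSH is meant to be exposed.
    for s in audit_listeners(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP), {22}):
        print(f"unexpected listener: {s['ip']}:{s['port']}")
```

On the sample, port 22 is allowed, port 3306 is bound only to loopback, and the established connection in row 3 is not a listener, so the only finding is the service on 0.0.0.0:8080. The same approach needs a second pass over `/proc/net/udp` and `/proc/net/tcp6` to cover UDP and IPv6 listeners, which this example leaves out.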
How is cybersecurity used?
Cybersecurity is the protection of internet-connected systems such as hardware, software, and data from cyber threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
Conclusion
At the start, you wanted to know how the IT department can support the security department in case of a cyberattack. Having tackled that and some of the FAQs, you now have all the information you need.