When a malicious actor attacks an enterprise, IT and security must work together in order to respond — quickly and effectively.
But how does that work? As with anything, it depends on the organization, how its IT and security departments work together and how much planning has been done in advance. Cybersecurity is one of the most difficult aspects of running a business. No amount of advance planning can prevent every cybersecurity incident, but planning can help mitigate the results.
"It depends"
Who does what during a cybersecurity attack is determined by each organization and by the weight of the roles IT and security play. At smaller companies, IT and security teams might be close enough to share the same budget. In those situations, a smaller team can work together as one department because that is essentially how they have functioned in the past. For larger organizations, healthcare, education or government, a security team typically sets policy but does not get involved with IT operations.
What now?
In either case, IT and security teams will work together to determine the threat and where it occurred. At this point IT will focus on mitigation and recovery while security negotiates with the threat actor, usually over a ransom payout.
Brace the backups
While IT's role depends on the enterprise, most likely the team will be responsible for the data backups — which hopefully exist. IT needs to start looking at backups immediately and confirm whether they exist and whether they were compromised. IT also needs to locate offsite backups and confirm that they have not also been infected.
IT can then identify which portions of the network haven't been attacked and assist with restoring data and/or rolling back to the last known-good backup that is confirmed clean. Unwinding the breadth and scope of an attack often involves reconciling logs, which IT and security can do together, ideally before an attack.
Put someone else in charge to defuse tension
IT and cybersecurity may snipe at each other during an attack. It's a tense situation, and the fallout could cost not just millions of dollars in losses, but a CIO and/or CISO their jobs. This should be treated like a corporate crisis by the entire enterprise and, depending on the size of the organization, that means the response should be part of "overall crisis management coordination."
A legal firm should be consulted for internal and external communication response regarding the cyberattack.
Insurance companies typically provide incident response plans, but organizations should put in the time to create customized plans instead, outlining the roles of everyone, including IT and cybersecurity, and who is going to resolve disputes between the two.
Prepare for communication during an attack
The best way to cut down on both the timeline and cost of a cybersecurity attack is to prepare before it even happens. One of the biggest things we recommend is preparation. In case something happens, [IT and security are] already working well together. They already have that communication channel set up. They know what each team needs to be successful.
Who is NCI, and how can we help?
If you are looking for a proven IT service provider, Network Connections has all the solutions you're looking for. We offer your business managed IT services, mobile or remote workplace, Microsoft cloud services, managed cybersecurity, and hosted VoIP solutions.
Contact us today, and find out how we can help your business.