Heads in the sand: NTT reveals apathetic attitudes towards incident response plans

New research from NTT Security says most organisations lack an incident response plan, or don't know what theirs says. Here's why that needs to change and where organisations can start.

The way in which an organisation responds to a cyber attack can be the difference between a few non-critical systems being offline for a short amount of time and a large-scale outage that results in millions of dollars in damages. Having robust cyber defences in place is now non-negotiable, as more and more organisations fall victim to cyber attacks. Looking to the UK market, just last week, research by Hiscox revealed that more than half (55%) of British firms reported a cyber attack in 2019, rising from 40% in the previous year. In conjunction, a recent Twitter poll from Infosecurity Europe 2019 revealed that 83% of respondents believe that organisations are not innovating as quickly as the cyber-criminals who plan to attack them. Both of these revelations are just the latest in a long line of alarming statistics, painting cyber-criminals as an advancing, ever-prevalent threat to digitally savvy businesses.

So one thing that you might expect organisations to be on top of is creating and updating their incident response plans. However, new research from NTT Security reveals that this is not the case. According to data from a survey of 5500 respondents, only 49% of organisations have an incident response plan. Perhaps more interestingly, of those organisations that do have one, only a minority actually know what it stipulates. This is probably not the best area for organisations to be lacking in, as the losses for those who don't act appropriately can be massive.

In a roundtable discussion at NTT's Security Operations Centre in Gothenburg, Sweden, vice president of consulting for Europe Patrick Schraut explains one tangible situation where processes weren't good enough after an attack. He says that while it's critical that organisations avoid ‘headless-chicken mode’ when an attack occurs, that's unfortunately what he sees in many cases.

“A family member of mine works at a hospital and they had a minor attack which used some kind of cryptolocker malware,” Schraut says. “They didn't patch their systems and as a result, the whole hospital was down. In most situations, they would detect it and try and contain it as soon as possible, as - in the beginning - it was just a few dedicated machines.

“However, after five days, they had to shut down their entire operation. They couldn't do anything. They couldn't do important things like retrieve blood results, and they couldn't do X-rays because the storage on the machine was only for five or six pictures and the system couldn't upload pictures anymore. They were completely shut down.”

Schraut says the important element in this situation was preparation. He says if the hospital had implemented an effective incident response plan, the situation would have been under control much faster and critical systems wouldn't have been compromised.

“The key point here is that if you're under attack, you don't want to start a discussion. You don't then want to start talking about budgets and contracts, because even if you decide on day one, after an attack, that you need external help, it takes 48 hours just to explain your network to the experts before they can help you,” Schraut continues.
