The old saying “an ounce of prevention is worth a pound of cure” has never been more true than when dealing with cyber security. By planning ahead of time to prepare for a cyber-attack, you’ll save both money and resources while also helping mitigate the potential threat of the attack itself.

Many people don’t plan ahead for cyber attacks because they think that it “can’t happen to them.” The reality is that over half of all malware attack victims (58% precisely) are small businesses.  Malware hacks end up costing small and medium-sized businesses over $2 million on average.  These are not the major corporations that can absorb a big loss, but rather entities that can be completely crippled by one.

How much, on average, can you expect to save if you prepare for a cyber attack ahead of time?

That’s a hard number to tack down since every industry and business is entirely different as is almost every hack or cyber attack. What can be determined, however, is that you’ll definitely spend more money and resources, such as work hours, reacting to such an attack with no prior preparation.

A large portion of the cost for a cyber-attack response is the expense of hiring a forensic team to examine your network system. This team will have to determine where the attack began, exactly what the attacker has done to your system, and whether the hackers still have active access to your computers. Once this is determined, the team will close the holes in your security.  Forensics specialists can cost $800 per hour or more.

But the forensic team is not the only expense. While they’re doing their investigation and fixing the problem, the hackers can still have access to your network and wreak more havoc on your system until they’re finally expelled from the network. This is why prepping is so important.

In order to prepare for cyber-attacks, you should take the following steps:

Identify your stakeholders

Identify your stakeholders and the resources that you’ll need to utilize in both preparing and responding to a cyber attack. These stakeholders include anyone who might potentially be impacted by a cyber attack including customers whose data could be endangered. It should also include company attorneys that may be able to handle issues such as liability in the event of a data breach or insurance claims regarding such a breach. These resources might also include the equipment, backups, and data needed to respond to the attack, as well as the employees who’ll be needed.

How will you detect and triage a data breach?

Determine how you will detect a data breach and how you will triage such a breach. You’ll have to patch together your security temporarily until you can get a full clean-up of your security.

Create a clear communication plan

Create a clear communication that identifies everyone’s place in the information line.  You’ll want to be sure higher-level executives know and understand the issue, plan to address the issue based on previous preventative measures, as well as plans to keep the executives updated.  This helps prevent having too many “cooks in the kitchen.” A clearly delineated communication chain will also keep people from complicating the response by tripping over each other.

Plan to debrief after the attack has been resolved

Plan to discuss with all the stakeholders and responders after everything is resolved from the attack to determine exactly what happened. Talk about how the cyber attack response can be modified to prevent such an occurrence from happening again.

As part of your cyber security practice, include business leaders in Threat Hunting

The key to being truly prepared for a cyber attack is being able to effectively detect such an attack and then provide a rapid response to it. In order to do this, practice must happen so the decision makers can take action when the attack occurs. To facilitate meaningful practice, you should include “threat hunting” as a means of determining potential hazards to your system.

In 2018, the Secureworks Security Leaders Survey showed that 43% of respondents regularly use such threat hunting activities as part of their incident response program.  This survey went on to point out that while an encouraging 56% of respondents say they now involve business leaders in incident response exercises, the remaining 44% are only including the security team or don’t conduct exercises at all.

This leaves a gap between the IT response and the business response, increasing the risk of miscommunication.  Worse, it can also lead to negative media attention and a lack of consumer confidence, which can often be more damaging than the hack itself.

It’s best practice that your business, no matter its size, creates a response plan for a cyber attack. It should be reviewed and modified annually and include all stakeholders, as well as the potential for independent security testing to audit your own system security.

For more help being prepared for a cyber attack, ASSUREtrust’s Incident Response Plan Guide can help you to create a solid plan to help protect your company.