A successful cyber attack may be accompanied by organisational shock and paralysing ambiguity. 

Fortunately, there are more than a dozen categories of organisation that supply services that help you to (a) reduce the chance you will be attacked, and (b) reduce the harm caused if you are successfully attacked.

Members of Cyber Rescue are given help to select the suppliers that are best positioned to provide cost-effective assistance.

1. Protect data before attacks

Please invest in protecting your data (and remember advice like "JP Morgan spent $250m on cyber security and still got hacked").

The following are reputable suppliers of access control, encryption, firewalls, security processes & training, etc.

Access Auditor - Security Compliance Corporation
Certification - CREST - Cyber Essentials
Cyber Emergency Response Exercise - Segmantics
Encrypt Data at rest and in motion - Gemalto
Firewall - Unified Threat Management - Sophos
Multi-Factor Authentication - SMS Passcode
Penetration Testing - 2sec
Security Assessment Software - Panaseer
Security check your suppliers - BitSight
Security check your suppliers - Security Scorecard
Training on Cyber Response - Corpress

2. Identify live attacks on your computers (SIEM)

SIEM is the generic name for technology that spots unauthorised activity on your computer systems. For example, if your computers are sending messages to unusual places or in unusual volumes, then they might have been taken over by a hacker. A good SIEM would alert you to such events, without overwhelming your team with irrelevant warnings. SIEM is the IT industry acronym for "Security Information and Event Management." There are over 100 companies offering SIEM products.

SIEM Suppliers (analysing cyber security alerts) - User evaluations summarised by Gartner
SIEM - AlienVault USM (Unified Security Management)
SIEM - LogRhythm Security Intelligence Platform
SIEM - McAfee Enterprise Security Manager from Intel
SIEM - SolarWinds Log and Event Manager
SIEM - Splunk Enterprise Security

3. Understand live attacks (Threat Analysis)

APT, or "Advanced Persistent Threat", is a term that has become over-used. It should be reserved for cyber attacks that involve the most sophisticated techniques, over an extended period. Naturally, any organisation that falls victim to a successful cyber attack might hope that sophisticated criminals or even nation-states are to blame, rather than a disgruntled employee or (worst of all) a 14-year-old. But there are many products that are able to identify relatively sophisticated attacks, including the following.

Threat Analysis product market shares - IDC - 11 pgs - Oct 2015
Threat Analysis - Bromium
Threat Analysis - Cybereason
Threat Analysis - Damballa Failsafe
Threat Analysis - FireEye
Threat Analysis - Hexis HawkEye
Threat Analysis - Lastline
Threat Analysis - Trend Micro
Threat Analysis - ThreatStream
Threat Analysis - WatchGuard

4. Know what data was breached (Computer Forensics)

There are software products your IT Director can use to (try to) identify where a cyber attacker has been in your computer system. There are also professional services companies that will do this work for you.

Computer Forensics - Product - EnCase
Computer Forensics - Product - Rapid7
Computer Forensics - Service - CCL Group
Computer Forensics - Service - Dell
Computer Forensics - Service - Context
Computer Forensics - Service - Deloitte
Computer Forensics - Service - Digital Shadows
Computer Forensics - Service - Kroll Ontrack
Computer Forensics - Service - Mandiant FireEye
Computer Forensics - Service - MWR

5. Stop the Breach (Remediation & Certification)

You'll need to defeat the attack, for example by removing malware that has been placed in your network. You'll also need to prove to your customers and suppliers that they can trust you again, by certifying that you have strengthened your defences. BUT before you start to fix your systems, ensure that any forensic imaging and other investigations needed to determine the extent of the breach have been defined.

Remediation - Automated Cyber Incident Response - Ayehu
Remediation - remove network malware and viruses - Symantec
Certification - CSA Star - Cloud Security Alliance - Security Trust and Assurance Registry
Certification - Cloud Computing Certification Schemes List - European Union - ENISA
Certification - Cyber Essentials Plus
Certification - ISO 27001 - Information Security Management - BSI
Certification - ISO-31000 - Risk Management - Global Institute for Risk Management
Certification - NIST 800-39 - Managing Information Security Risk - National Institute of Standards and Technology, USA
Certification - Payment Card Industry Data Security Standard (PCI DSS)

6. Protect your customers & staff (eg Credit & ID Protection)

You have a moral (and often a legal) obligation to notify anyone that has been put at risk of harm by the cyber attack you have suffered. You also normally have an obligation to offer protection, if only to retain the goodwill of your key stakeholders.

Even if you are certain that financial data such as credit card numbers have not been stolen, a data breach can put your customers and staff at risk of phishing and other forms of credit fraud.

Various organisations can be employed to identify and limit the damage from such criminal activity. There is a strong argument though that mere Credit Monitoring services don't really help consumers, and are merely a PR exercise for the breached organisation.

Credit and Identity Protection - Experian
Credit and Identity Protection - LifeLock
Credit and Identity Protection - Noodle

7. Legal Response

An expert lawyer will be able to tell you - under legal privilege - what you are legally obliged to do, and how to ensure you have a strong defence if sued or investigated by authorities.

If you suffer a serious data breach you may be legally obliged to notify certain people (eg customers, regulators, partners, staff and alumni, depending on the data that was breached). Obligations vary by industry and by jurisdiction, and are evolving quickly. You may want to be ready to demonstrate in a court of law that - even as you suffered a criminal cyber attack - you were fulfilling your obligations to key stakeholders.

Legal Response - Bird and Bird
Legal Response - Covington
Legal Response - Dentons
Legal Response - DLA Piper
Legal Response - Husch Blackwell
Legal Response - Mishcon de Reya - Mishcon Secure
Legal Response - Pinsent Masons

8. Public Relations (eg Twitter, Press Releases, Interviews)

To maintain the sympathy you deserve after suffering a criminal attack, you will need expert advice on the questions and reactions to expect from hostile audiences. A good PR firm will line up "friendly experts" to highlight the things you've done right to limit any potential harm to your customers.

PR - TuckerHall
PR - Waggener Edstrom

9. Customer Service (eg Call Centre surge support)

If you suffer a serious data breach, and certainly when you announce it, you need to be able to respond to many individuals who will want you to answer questions and take action for them. Your organisation's ability to answer calls may be overwhelmed.

Customer Service - Call Centre Support from NPC

10. Insurance

Your general liability insurance and director’s insurance are unlikely to cover all aspects of a cyber incident, but now is a good time to check. Of course, a full review of your insurance should be an integral part of cyber risk management. Be sure not to incur claim-related costs without consent from your insurer, and do not prejudice your insurer’s rights, for example by admitting liability or settling any claim.

Good cyber insurance will cover at least some of the following after a data breach: forensic investigation; notification costs; credit and identity monitoring services; costs to defend your organisation from legal challenge; cyber extortion; data loss; and perhaps business interruption. You will ideally want retroactive cover, for breaches that originated before insurance was taken out but weren't discovered until later. Advice on how to buy cyber insurance is here.

Cyber Insurance - ACE
Cyber Insurance - AIG
Cyber Insurance - Aon
Cyber Insurance - Hiscox
Cyber Insurance - Marsh
Cyber Insurance - Beazley

11. Authorities (eg Police, Regulators, GCHQ)

These "suppliers" can provide guidance and support. In some cases, you will have a legal and/or moral obligation to work with them.

Authorities - CESG - originally the Communications Electronic Security Group - National Technical Authority for Information Assurance - GCHQ
Authorities - FBI IC3 - Federal Bureau of Investigation - Internet Crime Complaint Center - USA
Authorities - GovCertUK - Computer Emergency Response Team for public sector organisations - UK
Authorities - National Crime Agency - NCCU - National Cyber Crime Unit - UK
Authorities - Register with ICO - Information Commissioner's Office - UK
Authorities - US-CERT - Computer Emergency Readiness Team - USA

Appendix: Cyber-related Supplier Markets

Several organisations have made great efforts to categorise suppliers working around cyber security.

Cyber Growth Partnership - aims to demonstrate that the UK is a world leader in cyber security
Critical Security Controls poster - SANS - 2 pg - October 2014
Security Providers - Info Security PG's Global Excellence Awards - April 2015
Security Providers - SC Magazine Annual Awards - 17 pgs - June 2015