A successful cyber attack may be accompanied by organisational shock and paralysing ambiguity.
Fortunately, there are more than a dozen categories of organisation that supply services that help you to (a) reduce the chance you will be attacked, and (b) reduce the harm caused if you are successfully attacked.
Members of Cyber Rescue are given help to select the suppliers that are best positioned to provide cost-effective assistance.
1. Protect data before attacks
Please invest in protecting your data (and remember advice like "JP Morgan spent $250m on cyber security and still got hacked").
The following are reputable suppliers of access control, encryption, firewalls, security processes & training, etc.
2. Identify live attacks on your computers (SIEM)
SIEM is the generic name for technology that spots unauthorised activity on your computer systems. For example, if your computers are sending messages to unusual places or in unusual volumes, then they might have been taken over by a hacker. A good SIEM would alert you to such events, without overwhelming your team with irrelevant warnings. SIEM is the IT industry acronym for "Security Information and Event Management." There are over 100 companies offering SIEM products.
3. Understand live attacks (Threat Analysis)
APT, or "Advanced Persistent Threat", is a term that has become over-used. It should be reserved for cyber attacks that involve the most sophisticated techniques, over an extended period. Naturally, any organisation that falls victim to a successful cyber attack might hope that sophisticated criminals or even nation-states are to blame, rather than a disgruntled employee or (worst of all) a 14-year-old. But there are many products that are able to identify relatively sophisticated attacks, including the following.
4. Know what data was breached (Computer Forensics)
There are software products your IT Director can use to (try to) identify where a cyber attacker has been in your computer system. There are also professional services companies that will do this work for you.
5. Stop the Breach (Remediation & Certification)
You'll need to defeat the attack, for example by removing malware that has been placed in your network. You'll also need to prove to your customers and suppliers that they can trust you again, by certifying that you have strengthened your defences. BUT before you start to fix your systems, ensure that any forensic imaging and other investigations needed to determine the extent of the breach have been defined.
6. Protect your customers & staff (eg Credit & ID Protection)
You have a moral (and often a legal) obligation to notify anyone who has been put at risk of harm by the cyber attack you have suffered. You also normally have an obligation to offer protection, if only to retain the goodwill of your key stakeholders.
Even if you are certain that financial data such as credit card numbers have not been stolen, a data breach can put your customers and staff at risk of phishing and other forms of credit fraud.
Various organisations can be employed to identify and limit the damage from such criminal activity. There is a strong argument though that mere Credit Monitoring services don't really help consumers, and are merely a PR exercise for the breached organisation.
7. Legal Response
An expert lawyer will be able to tell you - under legal privilege - what you are legally obliged to do, and how to ensure you have a strong defence if sued or investigated by authorities.
If you suffer a serious data breach you may be legally obliged to notify certain people (eg customers, regulators, partners, staff and alumni, depending on the data that was breached). Obligations vary by industry and by jurisdiction, and are evolving quickly. You may want to be ready to demonstrate in a court of law that - even as you suffered a criminal cyber attack - you were fulfilling your obligations to key stakeholders.
8. Public Relations (eg Twitter, Press Releases, Interviews)
To maintain the sympathy you deserve after suffering a criminal attack, you will need expert advice on the questions and reactions to expect from hostile audiences. A good PR firm will line up "friendly experts" to highlight the things you've done right to limit any potential harm to your customers.
9. Customer Service (eg Call Centre surge support)
If you suffer a serious data breach, and certainly when you announce it, you need to be able to respond to many individuals who will want you to answer questions and take action for them. Your organisation's ability to answer calls may be overwhelmed.
Your general liability insurance and director’s insurance are unlikely to cover all aspects of a cyber incident, but now is a good time to check. Of course, a full review of your insurance should be an integral part of cyber risk management. Be sure not to incur claim-related costs without consent from your insurer, and do not prejudice your insurer’s rights, for example by admitting liability or settling any claim.
Good cyber insurance will cover at least some of the following after a data breach: forensic investigation; notification costs; credit and identity monitoring services; costs to defend your organisation from legal challenge; cyber extortion; data loss; and perhaps business interruption. You will ideally want retroactive cover, for breaches that originated before insurance was taken out but weren't discovered until later. Advice on how to buy cyber insurance is here.
11. Authorities (eg Police, Regulators, GCHQ)
These "suppliers" can provide guidance and support. In some cases, you will have a legal and/or moral obligation to work with them.
Appendix: Cyber-related Supplier Markets
Several organisations have made great efforts to categorise suppliers working around cyber security.