A fundamental aspect of cyber resilience relates to incident management, response and recovery planning. All organisations need to regard cyber risk as a business risk and put in place incident response plans that are tested regularly through exercising.
What is a cyber incident?
The NCSC defines a cyber incident as unauthorised access (or attempted access) to an organisation’s IT system/s. These may be malicious attacks such as denial of service attacks, malware infection, ransomware or more commonly phishing attacks.
An accidental action by an employee could also cause a security incident for example when a member of staff clicks on a phishing link within an email or downloading a seemingly legitimate piece of software as part of day to day work which contains a virus or malicious software.
Things that might indicate a cyber incident include:
- computers running slowly
- users being locked out of their accounts
- users being unable to access documents
- messages demanding a ransom for the release of your files
- people informing you of strange emails coming out of your domain
- redirected internet searches
- requests for unauthorised payments
- unusual account activity
Have a plan to prevent, detect, respond and recover
It is good practice to have a Cyber Incident Response Plan in place that sets out the steps your organisation should take to prevent, detect, respond and recover from cyber attacks. Your plan does not have to be complex but it should be clear on the roles and responsibilities of key individuals who can take action. This should not sit in isolation and should be woven into the wider resilience, business and service continuity / disaster recovery planning.
Incident Management
The NCSC defines a cyber security incident as: A breach of a system’s security policy in order to affect its integrity or availability The unauthorised access or attempted access to a system Cyber incidents can take many forms, such as […]
Read moreReport Cybercrime
You can report Cybercrime as follows: By phoning 999 (emergency) or 101 (non-emergency) In person at any police station
Read moreCyber Incident Helpline
The free helpline will help organisations confirm they have been the victim of an attack and, if so, provide expert guidance to get them back to secure operations. Businesses can reach the cyber incident helpline by calling 01786 437 472 […]
Read more