Russell McVeagh's ‘Cyber Attack Toolkit’ describes a model on how to prepare for, and respond to, a cyber attack. The step-by-step guide covers three key elements: the roles and responsibilities of a cyber response team, the eight steps towards cyber attack preparedness, and how to respond to an attack – including the technical response, managing external communication and making or defending legal claims.
The publication has been authored by the firm’s Information Communication and Technology (ICT) team, who advise on the full spectrum of technology matters for the private and public sector.
Cyber attacks are occurring constantly and all organisations, regardless of size, are targets. Responsibility for cyber attack prevention and cure should not lie solely with an organisation’s IT department, or with IT providers – instead, management teams should understand the risks and have devised and implemented an appropriate cyber resilience programme across their organisation. Anyone who has access to IT systems and data presents a vulnerability that could be exploited by a would-be hacker, and therefore, we all should be concerned with being cyber attack prepared.
The publication outlines ‘eight steps towards cyber attack preparedness’, explained in an easily-digestible Cyber Attack Toolkit. The eight steps include:
- Making an inventory of critical IT assets;
- Assessing the risks and understand the practical impacts of a cyber attack;
- Setting the standards and determine the standard of reasonable protection;
- Doing a gap analysis of current practice;
- Ensuring appropriate documentation and contractual arrangements are in place;
- Making and implementing a plan to rectify current deficiencies;
- Planning for an attack;
- Testing organisational response and continually adapting to changing circumstances.
The ‘How to respond’ section of the booklet details ‘three 'C's of a cyber attack response’: Correct, Communicate, and Claim. Advice includes how to leverage contractual rights, who needs to be advised (and what and how they should be told), and then, after the dust settles, how to determine what kind of claim an organisation may be able to make (and what claims may be made against the organisation).
The Cyber Attack Toolkit is available by request. Please email us to request access to a complimentary copy, and please get in touch with one of our team members should you like to further discuss.