How do you respond to a cyber attack?

Cyber attack

How do you respond to a cyber attack?

When faced with cyber crime, businesses don’t have to rely on a miracle

Despite its name, the Miracle on the Hudson, and the ensuing blockbuster film Sully, didn’t rely on deus ex machina; it was an example of excellent crisis management. PwC Director and Forensic Services specialist Campbell McKenzie explains how businesses can look to these lessons when confronted with cyber crime.

On January 15, 2009, US Airways flight 1549 took off from LaGuardia Airport in New York City and almost immediately hit a flock of migrating geese, causing both engines to fail.

Anyone who remembers the news coverage – or has seen the 2016 film adaptation, Sully – will recall what happened next. Captain Chesley “Sully” Sullenberger took control of the aircraft and successfully performed an emergency landing on the Hudson River.

As far as catastrophic events go, very few people or businesses will experience anything like it. However, we’re at a point in time when certain crises – cyber security incidents in particular – are going to happen to any business. It’s no longer a case of ‘if’ but ‘when’.

The Miracle on the Hudson, as the 2009 event would later be called, wasn’t a deus ex machina reserved for the 2016 film rendition, but an excellent example of how any business can work through a crisis – such as a cyber attack – with the right three-step process in place.

However, PwC’s latest Global Economic Crime Survey showed that a huge 55% of organisations don’t have an incident-response process in place at all. So, to even the odds, here’s a three-step approach that virtually any organisation can take to help avoid disaster, much like Flight 1549 did a few years ago.

1) Prepare

Before becoming a commercial airline pilot, Sullenberger had been a Captain, Flight Leader and training officer in the US Air Force. At the time of the accident in 2009, he had a reported 19,000 flight hours under his belt and remains an expert on aviation safety to this day.

The right person was in the right place – which was no accident.

The airline had a plan in place for an emergency, including the engine restart checklist First Officer Skiles turned to. The process gave Sully options on where to land the plane and, with all of them out of reach, the now-famous captain had the credentials to take an educated decision and control the landing in the best way he could.

This is what every business needs in 2017: a plan in place so when a cyber attack hits, they have the leadership, resources and processes in place to respond.

Fast fact: According to PwC’s latest Global Economic Crime Survey, a significant 55% of NZ organisations don’t have an operational cyber-crime incident-response plan, and only around half of board members request information about their own organisation’s state of cyber-readiness.

2) Respond

Sully didn’t act alone. When disaster struck, he had the backing of flight control to guide him, the rescue support of NY Waterway, the coast guard and City of New York, and the hands-on help of the three flight attendants who took orders and managed 150 troubled passengers – all of whom followed the plan and responded.

The timely efforts of all team members ensured that the best outcome could be reached. Without the quick response, the aircraft might not have been 270 metres high when it passed over the George Washington Bridge, but disastrously lower. The result of this perfect team effort was that all passengers survived and damage was contained.

Similarly, businesses that excel at cyber-security response in New Zealand run simulations to test their plan and train their people at least once a year. They also have an emergency response team, a carefully selected group of people who know their roles and can act quickly and decisively in a crisis situation.

Fast fact: 45% of NZ organisations don’t have a first-responder team to act on cyber breaches. Fourteen per cent outsource this, while almost one-fifth aren’t sure if they have a team at all.

3) Recover

Minutes after the crash landing, work began for the team at US Airways. The airline started dealing with passenger compensation and luggage recovery, while officials took action to help prevent the event happening again by displacing geese colonies in the flight path.

Aviation authorities began simulation testing to see if, should a similar event happen again, how the process could have been improved – for example, how an option to override automated flight controls could have allowed the pilot to make a softer landing.

Businesses hit by a cyber attack should immediately start working on their flaws, including identifying what allowed for the attack, what reputational damage it may have caused and how to salvage it, and how the response plan could be improved to limit other attacks in the future.

Fast fact: Learning your business’s vulnerabilities is essential, and yet the methods NZ organisations rely upon to learn about an attack could be called unsophisticated at best. Other than receiving tip offs (42%), the most common detection method is ‘an accident’ (18%), followed by ‘I don’t know’ (15%).

PwC’s cyber crime simulation Game of Threats™ is designed to help you learn more about your business’s ability to prepare, respond and recover from a digital attack. You can learn more via the video below, by visiting digital.pwc.co.nz/ideas/game-of-threats, or (of course) by getting in touch.

Game of Threats video

Want to know more?