Cyber incident response

Cyber Operations, The Key to Cyber Incident Response

Ransomware attacks have been on the rise during the COVID pandemic. This article discusses those threats and the methods that can be employed to remediate them.

Ransomware attacks intensifying

Cyber-attacks and cyber-crime activity increased by 125% in the first half of 2021 when compared with the same period in 2020. Large rises have been seen in the deployment of malicious code to provide hackers with initial access and subsequent control and/or disablement of IT environments via ransomware implementation.

Time to recover underestimated

The UK saw almost 25% of this upturn, and businesses now seem to accept that, as these attacks increase, it is inevitable they will experience a breach at some point. With the additional complications presented by new and dispersed working practices, Heads of IT and CISOs are urgently reviewing their defences and looking at how they can be better prepared for an attack by creating or reviewing response plans for such an event.

Unfortunately, however, it seems that for the many organisations recently targeted, the steps to recovery have been severely hampered by a lack of specialist knowledge and capability within IT to deal with a cyber incident. This is because most teams simply do not have any prior experience of contending with something like ransomware. In fact, for many teams it has been their first time trying to unravel the complexities of a focused cyber-attack, and subsequently the time to recover and achieve full operation has been weeks, not days, pushing some businesses to the very limit of sustainability.

Improving attack response & effectiveness

The route to improving this response could be to recruit your own cyber specialists, but achieving efficient 24/7/365 capability is a significant challenge and would need suitable headcount, which is cost-prohibitive for most businesses. Alternatively, completely outsourcing your security operations may provide improved coverage and experience, but the provider often has limited knowledge of the specifics of your environment and there can be a lack of consistency in the service personnel delivering it.

For many organisations the correct approach is to find a balance that provides blended management of cybersecurity, utilising both in-house personnel and an external cyber security operations partner. With this delivery model, security operations experts work directly with your own IT staff to deliver comprehensive 24×7 coverage. Services can be proactive and work side by side with your team to provide specialist guidance on an ongoing basis. Specific security needs are identified, meaning environments are configured and hardened for maximum resilience, thereby ensuring security posture gets stronger over time.

The Role of Cyber Incident Response Providers

Most importantly, ownership of cyber incidents remains the responsibility of the security partner, meaning an appropriate level of expertise and escalation is applied immediately and in parallel with your own IT staff to consider the specifics of environment and infrastructure. This shared responsibility addresses the key issue of time to recover and resolution, and the core objectives of the business in achieving operational activities.

Cybersecurity requires constant vigilance and adaptation, which is unattainable for most IT teams; doing it effectively and at an acceptable price point adds further difficulty to the challenge. I feel that for many organisations this is probably the most compelling and practical solution to the increasing and ever-evolving threat from cyber-attack and ransomware.

If you would like to implement an immediate improvement to your cyber operations and receive expert guidance along every step of your security journey, please contact us and we will explain how simple it can be to get your organisation to an increased level of cyber safety.

Blog written by Howard Johnson, Cyber Practice Lead –

Further Reading:

NG-IT Cyber Incident Response, click here to find out more.

For detailed information on cyber incident response from the NCSC click here.

For information from the NCSC about cyber incident response planning click here.
