
Assume Nothing Is Secure

The hard truth in cybersecurity is that nothing is ever 100% secure. It doesn’t matter who you are, how mature your security program is, or how large your cyber defence budget may be, there is always a high probability you will face a cyber-attack. The real question is: when it happens, what will you do?

“By failing to prepare, you are preparing to fail” - Benjamin Franklin

While Franklin wasn’t thinking about ransomware or nation-state hackers, his words ring true in today’s digital world. Being prepared is the key to resilience.

While many organisations invest in prevention, far fewer are adequately prepared for recovery after a cyber incident. A recent cyber-attack on Marks & Spencer serves as a stark example of how many remain inadequately prepared to recover from such incidents, lacking both robust continuity planning and the resilience necessary for swift operational restoration.

Discover What You Don't Know Early

The passage of time can be the enemy of security. Environments evolve, people move on, and critical knowledge is often lost in the process. Even in organisations with process maturity where documentation is regularly updated, shadow IT and legacy systems can still introduce hidden risks that slip under the radar.

True resilience starts with full visibility and a clear understanding of your environment. Without this foundation, building and maintaining a strong security posture becomes nearly impossible. Put simply: if you don’t know about it, you can’t protect it.

Organisations should prioritise the creation of technical documentation for their environments. When considering the level of detail, think about how you would instruct a suitably skilled person to build the environment from nothing. Include visual representations such as architecture and data flow diagrams, as these can convey a huge amount of information very quickly when you are under pressure.

It is also important that you understand your attack surface - essentially every way that an attacker could interact with or exploit your environment - uncovering all assets and entry points - known and unknown - that could expose you to risk.

Attack surface enumeration and threat modelling exercises are extremely useful at this stage for increasing visibility. Regular vulnerability analysis and penetration testing should also be conducted to identify and remediate weaknesses in the environment at the earliest opportunity. After all, prevention is always better than cure.
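The point above ("if you don't know about it, you can't protect it") is easiest to act on by reconciling what your documentation says exists against what your network actually shows. The following is an added example, not code from the original post or from A&O Corsaire: it parses a few constructed DHCP lease log lines (the format is an assumption, modelled loosely on ISC dhcpd syslog output) and compares them with a constructed asset inventory, flagging hosts nobody documented (shadow IT), hosts recorded as decommissioned that are still taking leases (legacy systems), documented hosts whose address has drifted, and active hosts that have gone quiet.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed documented asset inventory (hypothetical CMDB export), keyed by hostname.
DOCUMENTED_ASSETS = {
    "web-01": {"ip": "10.0.1.10", "owner": "platform", "status": "active"},
    "db-01": {"ip": "10.0.2.20", "owner": "data", "status": "active"},
    "legacy-erp": {"ip": "10.0.3.5", "owner": "finance", "status": "decommissioned"},
    "vpn-01": {"ip": "10.0.4.1", "owner": "network", "status": "active"},
}

# Constructed DHCP lease log lines (not real log output; format is an assumption).
DHCP_LOG = """\
2024-05-01T08:00:01Z dhcpd: DHCPACK on 10.0.1.10 to 00:11:22:33:44:01 (web-01)
2024-05-01T08:05:12Z dhcpd: DHCPDISCOVER from 00:11:22:33:44:02 via eth0
2024-05-01T08:05:13Z dhcpd: DHCPACK on 10.0.2.20 to 00:11:22:33:44:02 (db-01)
2024-05-01T09:17:45Z dhcpd: DHCPACK on 10.0.3.5 to 00:11:22:33:44:03 (legacy-erp)
2024-05-01T10:42:09Z dhcpd: DHCPACK on 10.0.5.77 to 00:11:22:33:44:99 (jsmith-nas)
2024-04-30T23:59:59Z dhcpd: DHCPACK on 10.0.1.99 to 00:11:22:33:44:01 (web-01)
"""

# Only DHCPACK lines carry a confirmed address/host binding; everything else is skipped.
LEASE_RE = re.compile(
    r"^(?P<ts>\S+) dhcpd: DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"to (?P<mac>[0-9a-f:]{17}) \((?P<host>[^)]+)\)$"
)


@dataclass(frozen=True)
class ObservedAsset:
    hostname: str
    ip: str
    mac: str
    last_seen: datetime


def parse_leases(log_text):
    """Return {hostname: ObservedAsset} keeping the most recent lease per host."""
    seen = {}
    for line in log_text.splitlines():
        m = LEASE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        prev = seen.get(m["host"])
        # Latest timestamp wins, regardless of the order lines appear in the file.
        if prev is None or ts > prev.last_seen:
            seen[m["host"]] = ObservedAsset(m["host"], m["ip"], m["mac"], ts)
    return seen


def reconcile(documented, observed):
    """Compare documentation against observation and bucket every discrepancy."""
    findings = {
        "unknown": [],                  # live on the network, absent from documentation
        "decommissioned_but_live": [],  # documented as retired, still taking leases
        "ip_mismatch": [],              # documented, but at a different address
        "missing": [],                  # documented as active, not seen at all
    }
    for host, asset in observed.items():
        doc = documented.get(host)
        if doc is None:
            findings["unknown"].append(host)
        elif doc["status"] == "decommissioned":
            findings["decommissioned_but_live"].append(host)
        elif doc["ip"] != asset.ip:
            findings["ip_mismatch"].append(host)
    for host, doc in documented.items():
        if doc["status"] == "active" and host not in observed:
            findings["missing"].append(host)
    return findings


if __name__ == "__main__":
    report = reconcile(DOCUMENTED_ASSETS, parse_leases(DHCP_LOG))
    for bucket, hosts in report.items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Each bucket maps to a different action: "unknown" hosts need an owner and a decision on whether they stay, "decommissioned_but_live" hosts are the legacy systems the text warns about, and the other two are documentation drift to correct before an incident makes the diagram untrustworthy. Swapping the constructed DHCP lines for your own DNS, DHCP or EDR inventory export is the only change needed.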

Prepare For The Worst

So now you have a good understanding of what makes up your environment: you have removed assets that you thought had long since been decommissioned, patched vulnerable software and modelled residual threats. You are still not prepared for a cyber-attack. You need a plan.

"The time to repair the roof is when the sun is shining" - John F. Kennedy

A vital step in becoming resilient to cyber-attacks is to form an incident response team and create a detailed incident response plan to help them respond quickly, consistently, and effectively when a security incident happens. As Kennedy alluded, you don't want to be working on something when you need it the most.

What should be included in an Incident Response Plan?

It's important that you have a detailed plan for a cyber-related incident, so that you know how to act and what role each team member plays. Here is a list of the basics to include in an Incident Response Plan:

1. Introduction

  • Clearly define the purpose of the incident response plan
  • Outline the goals and priorities of the plan

2. Roles and Responsibilities

  • Identify response team members and their specific duties during an incident
  • Establish a clear hierarchy for escalation and decision-making

3. Communication Plan

  • Develop a strategy for internal and external communication during incidents
  • Include prepared materials such as:
    • Statements for internal use
    • Press releases for media
    • Customer communication templates

4. Incident Classification and Severity

  • Define severity levels for incidents based on business impact
  • Provide a decision matrix to guide escalation processes

5. Incident Response Procedures

  • Include step-by-step guides for each phase of the incident response process:
    • Preparation: Establish readiness and preventive measures
    • Identification: Detect and confirm the incident
    • Containment: Limit the spread and impact of the incident
    • Eradication: Remove the root cause of the incident
    • Recovery: Restore systems and operations to normal
    • Lessons Learned: Review and document insights to improve future responses

6. Legal and Regulatory Considerations

  • Define data breach notification requirements
  • Outline procedures for engaging with law enforcement agencies

7. Appendices

  • Provide a directory of key contacts
  • Include checklists for incident response tasks
  • Reference supporting documentation such as:
    • Architecture diagrams
    • System design specifications
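Sections 4 and 6 of the list are the ones responders reach for first under pressure, so it helps to have the decision matrix in a form that cannot be misread. The following is an added example, not part of the original post or A&O Corsaire's own material: it encodes a severity matrix as the worst of three 1-4 business-impact ratings, derives the escalation list for that severity, and computes a breach-notification deadline from the detection time. The rating dimensions, the escalation roles and the 72-hour notification window are all assumptions for illustration; the real window depends on which regulations apply to you and is set by your legal team.

```python
from datetime import datetime, timedelta
from enum import IntEnum


class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Assumed escalation roles per severity; a real plan names people and contact
# details for each role in its appendix.
ESCALATION = {
    Severity.LOW: ["security-oncall"],
    Severity.MEDIUM: ["security-oncall", "it-ops-lead"],
    Severity.HIGH: ["security-oncall", "it-ops-lead", "ciso", "legal"],
    Severity.CRITICAL: ["security-oncall", "it-ops-lead", "ciso", "legal",
                        "executive-team", "comms"],
}

# Assumed placeholder: the regulatory notification window in hours.
NOTIFICATION_WINDOW_HOURS = 72


def _check_rating(name, value):
    """Ratings are integers 1-4 (1 = negligible, 4 = severe); anything else is rejected."""
    if not isinstance(value, int) or not 1 <= value <= 4:
        raise ValueError(f"{name} must be an integer rating from 1 to 4, got {value!r}")


def classify(operational_impact, data_sensitivity, scope, regulated_data=False):
    """Map three business-impact ratings to a Severity.

    Severity is the worst of the three dimensions, so a narrow incident that
    exposes highly sensitive data is not diluted by low operational impact.
    Anything touching regulated personal data is floored at HIGH because it
    carries notification obligations whatever the operational impact.
    """
    for name, value in (("operational_impact", operational_impact),
                        ("data_sensitivity", data_sensitivity),
                        ("scope", scope)):
        _check_rating(name, value)
    base = Severity(max(operational_impact, data_sensitivity, scope))
    if regulated_data and base < Severity.HIGH:
        return Severity.HIGH
    return base


def escalation_path(severity):
    """Who must be told, in the order the plan lists them."""
    return list(ESCALATION[severity])


def notification_deadline(detected_at, regulated_data,
                          window_hours=NOTIFICATION_WINDOW_HOURS):
    """Latest time by which the regulator must be notified, or None if not required."""
    if not regulated_data:
        return None
    return detected_at + timedelta(hours=window_hours)


def assess_incident(detected_at, operational_impact, data_sensitivity, scope,
                    regulated_data=False):
    """One call that fills in the plan's classification section for an incident."""
    severity = classify(operational_impact, data_sensitivity, scope, regulated_data)
    return {
        "severity": severity.name,
        "escalate_to": escalation_path(severity),
        "legal_engaged": severity >= Severity.HIGH,
        "notify_regulator_by": notification_deadline(detected_at, regulated_data),
    }


if __name__ == "__main__":
    # Constructed scenario: a single compromised laptop holding customer records.
    print(assess_incident(datetime(2024, 5, 1, 10, 0), operational_impact=1,
                          data_sensitivity=3, scope=1, regulated_data=True))
```

The value of writing the matrix down this way is that the "regulated data floors severity at HIGH" rule, which is exactly the kind of thing that gets forgotten at 3 a.m., is enforced rather than remembered, and the deadline is computed from the detection timestamp rather than estimated after the fact.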

How Can You Be Proactive Against Hackers?

This is of course a 50,000-foot view of a response plan and, in reality, the plan's complexity will correlate with that of the solutions it is created for. It should also be noted that this does not negate the need for a wider operational resilience program, although it will certainly play its part.

To be effective, an incident response plan must be regularly tested through tabletop exercises, simulations, and technical drills. Testing validates that roles, procedures, and communication channels work as intended, and it exposes gaps that can be corrected in advance. Without this validation cycle, the plan remains a theoretical document that may fail when you need it most.

Preparation is the cornerstone of cybersecurity resilience. By understanding your environment, addressing vulnerabilities, and implementing a tested incident response plan, you can minimise the impact of cyber-attacks. Don’t wait for a breach to expose gaps—start building your defences today. Remember, in cybersecurity, preparation isn’t optional; it’s essential. Are you ready to take the next step?


Are you confident in your Incident Response Plan?

Here at A&O Corsaire, we work with companies around the globe to deliver security-focused and innovative automation services.

+44 (0)1753 76 8800

How can we help?