Would Your IS Helpdesk Recognise a Cyber Attack?
In our personal lives we are used to having different telephone numbers to call for different situations. For example, in the medical world we can recognise for ourselves when we have a true medical emergency requiring a ‘999’ call (911 for our US colleagues!) and when we simply need to call our GP to help diagnose an issue. The same can be said if we need the Police or any other emergency service. We know that those answering a 999 call will be able to respond to the emergency in a different and more appropriate way than the GP’s receptionist (no disrespect to the GP receptionist).
Given the speed with which cyber security attacks on our networks can take hold, do we need to think in a similar way when it comes to our IS helpdesk? Do staff need a separate internal ‘emergency’ number to call when they fear they are under attack? At the very least we need to make sure that those answering helpdesk calls are sufficiently trained to recognise a real-time security incident and that they know how to respond appropriately and in a timely manner. Any slight delay in the process could make all the difference to the organisation under attack. If you are thinking this all sounds very dramatic and unnecessary, let’s look at a real example of a ransomware attack which recently occurred at a major corporation.
In this latest attack an individual within the organisation concerned received an innocent-looking email inviting them to an industry event. Without thinking they clicked on the link and immediately their computer froze. They called the IS helpdesk and thankfully the person on the helpdesk was switched on enough to recognise this as an attack on their network and immediately isolated the PC from the network. By clicking on the link the person had inadvertently downloaded malware onto the PC which was designed to gain backdoor access to the network.
The quick thinking of the IS helpdesk prevented the malware from gaining that access. Within 10 minutes of clicking on the link the individual had also received a ransom demand from the criminals, who at that stage thought they had been successful in introducing the malware to the organisation’s network. Because the PC had been isolated, the attack was unsuccessful and the organisation was able to politely tell the criminals to go away. Even a delay of about 10 minutes by the individual or the IS helpdesk could have resulted in a different story.
So have any organisations implemented a separate helpline for staff to call for such incidents?
How do you keep staff informed of the signs of a cyber attack so that they recognise an emergency situation?
How do you make sure staff across the organisation know how to respond promptly and appropriately?
We welcome your thoughts.