Help! Who do I escalate my cyber emergency to?

By Peter Groucutt, managing director of
Databarracks

The US senate has passed a new law which will demand the federal government increase its support for organisations hit by ransomware. The DHS Cyber Hunt and Incident Response Teams Act would require the Department of Homeland Security (DHS) to build dedicated teams tasked with providing advice to organisations on how best to protect their systems from attack, as well as other technical support, including incident response assistance.

The creation of the law comes as the US responds to rising cyber-attacks. This year alone, 621 public-sector organisations, in the US, have suffered ransomware attacks. In July, Louisiana declared a state of emergency after ransomware hit three public school districts. A state of emergency means state resources become available. This includes cybersecurity experts in the Louisiana National Guard, Louisiana State Police, the Office of Technology Services and other state level authorities.

A month later, 23 Texas towns fell victim to coordinated ransomware attacks with cybercriminals demanding cryptocurrency payment at the same time. Whilst a state of emergency wasn’t declared, the Texas State Operations Center, Texas Military Department, Department of Homeland Security and the FBI were involved in the response.

The US Government is taking action to help support organisations dealing with cyber-attacks. Peter Groucutt, managing director of Databarracks says this commitment at a national level is necessary.

“Every organisation is responsible for its own cyber security but coordinated strikes against multiple entities or mass-scale attacks from nation state actors require an equally coordinated response.

“Cyber incidents can feel isolating but there is support you can turn to. Firstly, the National Cyber Security Centre (NCSC), the UK’s cyber security authority, offers real-time threat analysis, defence against national cyber-attacks, technical advice on cyber security, and response to major cyber incidents. This includes guidance and resources, through to active involvement when needed.

“The NCSC has 6 incident categories. The resources available depend on the seriousness of the incident. For example, a Category 6 incident (a cyber-attack on an individual or SME) has access to remote support and standard advice. A Category 1 incident is a cyber-attack causing sustained disruption of UK essential services or security. In this case, the NCSC, Law Enforcement, Lead Government Departments and other relevant bodies coordinate a response.

“If your incident is isolated (and assuming you are not part of the critical national infrastructure) it is unlikely you will receive direct assistance. If the attack is more widespread – like the co-ordinated attacks in the US – the response may be led by NCSC.

Groucutt continues, “Organisations dealing with a cyber-attack don’t always think to contact the police, but it is important they do. Even if an attack is handled well and no data is compromised, you should report it to law enforcement via Action Fraud or the 101-call centre for Police Scotland. 

“You may not receive support or benefit directly but contacting law enforcement benefits everyone else. The more we report, the better-informed law enforcement can become, using this knowledge to help others. 

Finally, Groucutt, says you may be able to call in support from your insurance company. You should of course notify them of an incident in case you later need to make a claim, but they may also be able to provide assistance during the incident. Cyber insurance is a relatively new and rapidly growing field and often includes access to expert support to help with the response. This might be PR and crisis management professionals or cyber experts. It is obviously in the cyber insurer’s best interest to speed up the recovery and minimise potential claims.”