Cyber attacks are no longer an abstract threat, but rather, a reality that businesses of all sizes consistently contend with. When an incident occurs, the immediate instinct for many
organisations is shutting everything down in an attempt to contain the damage.
While this reaction is understandable, it is not always the best course of action. In some cases, turning off systems prematurely can actually exacerbate the situation, making recovery more difficult and leading to greater operational disruption.
The difference between a minor disruption and a full-scale crisis often comes down to how well a company has prepared. Organisations that invest in incident response planning, real-time monitoring and a culture of cyber resilience are far better positioned to mitigate risks and maintain business continuity when faced with an attack.
Why you shouldn’t be shutting down
Immediately shutting down systems during a cyber attack, while not recommended, is a possible containment method depending on an organisation’s cybersecurity maturity. However, it can lead to unexpected complications. For instance, in a ransomware attack, abruptly powering down servers can corrupt encrypted files, making it harder to restore data later. Shutting everything down can erase critical forensic evidence that security teams need to trace the attack’s origin and understand its full impact.
Instead of an all-or-nothing approach, organisations should have a controlled containment
strategy. This means isolating affected systems while keeping essential operations running. If a specific set of devices are compromised, shutting those down, along with any applications being powered by those devices, can contain the attack in motion. The goal is to minimise disruption while still preventing the attack from spreading further.
Preparation is the best defence
The key to surviving a cyber attack without major operational downtime is preparation.
Organisations need a well-documented incident response plan that outlines exactly what to do when an attack occurs. This isn’t just an IT concern, it requires input from legal teams,
communications specialists and executive leadership. Without a clear plan in place, companies risk making reactive decisions that could make the situation worse.
Training is just as important as planning. Running cybersecurity drills and simulated attack
scenarios ensures employees and executives know how to respond under pressure. These
exercises expose weaknesses in the response strategy and allow teams to refine their approach before a real attack happens.
Building cyber resilience
Beyond just responding to attacks, organisations must focus on long-term resilience. This
means implementing robust data back-up solutions that are regularly tested to ensure they work when needed. It also means having redundancy in critical systems so that if one part of the business is compromised, other areas can continue functioning.
A crucial component of resilience is real-time threat detection. Many cyber attacks go
undetected for weeks or even months, causing extensive damage before anyone realises what’s happening. To combat this, platforms that can see all network activity down to the packet level play a vital role. Unlike traditional security tools that rely on predefined rules, network security tools can build a baseline behavioral analysis of network activity to detect and flag anomalies that need to be investigated. By continuously monitoring for suspicious activity, businesses can spot and neutralise threats before they escalate into major incidents.
The importance of clear communication
One of the most overlooked aspects of cyber attack preparedness is communication. When an incident occurs, misinformation and panic can spread quickly, both within the company and among customers and stakeholders. A well-prepared organisation has an effective Crisis Communication Plan to ensure that accurate information reaches the right people at the right time.
Companies should have designated spokespeople ready to handle external communication,
whether that’s informing customers about a data breach or updating investors on the situation.Internally, employees need clear guidance on how to proceed, whether that means avoiding
suspicious emails, dealing with possible press inquiries, or following specific security protocols.
A common challenge when faced with a cyber incident is the potential disconnect between
business executives and cybersecurity teams. The disconnect is exacerbated if executives
prioritise operational efficiency and revenue, but cybersecurity professionals focus on risk
mitigation and technical defences. This misalignment can lead to inadequate investment in
security initiatives or delayed responses to threats. Breaking down complex cybersecurity
concepts into clear, business-relevant language and demonstrating their impact on operations can help executives grasp the urgency of necessary security measures. This can be accomplished through coordinating and aligning the Business Impact Analysis, Business
Continuity Plan, Disaster Recovery Plan, and Incident Response Plan.
At the heart of an effective cyber resilience strategy is a fundamental shift in mindset.
Cybersecurity can no longer be seen as just an IT problem – it must be a core business
function. Companies that are committed to and invest in proactive security measures, foster a culture of cyber awareness and prepare for the inevitable are the ones that will withstand
attacks with minimal disruption.
The businesses that emerge strongest from cyber incidents are not necessarily the ones with
the most advanced defences, but the ones that have planned the most effective response.
Chad LeMaire is deputy CISO at ExtraHop.
Read more
Protecting against cyber attacks backed by generative AI – Threat actors are turning to generative AI capabilities to evolve social engineering and other cyber attacks — here’s how businesses can stay protected
What CIOs and CISOs learned from managing recent cyber attacks – Enterprises around the world are deluged by a flood of unprecedented cyber security threats. As a result, the roles of both chief information officers (CIOs) and chief information security officers (CISOs) are expanding and changing
