Lessons from Jaguar Land Rover: how can businesses prepare for cyberattacks? | Computer Weekly

Lessons from Jaguar Land Rover: how can businesses prepare for cyberattacks? | Computer Weekly

Briefly

"This incident is a stark reminder that cyberattacks are no longer rare, nor confined to small or poorly protected businesses and that even global brands with sophisticated IT systems can be brought to a standstill. For UK businesses, the question is no longer if a cyberattack will happen, but when. There is though, much a business can do to prepare for a cyber-attack to both reduce the prospect of falling victim to an attack and to mitigate the loss they can cause."

"Effective cyber resilience begins long before an attack occurs, and preparation can be key in mitigating the financial, technical or reputational damage. As such, many boards are now beginning to treat cybersecurity as a strategic priority, not a technical afterthought. Effective preparation can encompass several aspects, and this can differ from business to business. Often, this includes the creation of a clear, rehearsed incident response plan that identifies who does what in the first 72 hours and beyond, from isolating systems to briefing the regulator. The most effective plans are rehearsed by running crisis exercises and simulations so that staff know their roles, and leadership can practise decision-making under pressure."

"Backing up your systems and testing that systems can be restored quickly if compromised is also critical, with the JLR incident showing just how much damage a full shutdown of operations can cause. Staff can also be more effectively trained to spot phishing attempts, unusual device activity and other red flags which may indicate an attempted breach of a company's systems. Staff should also be made aware of the importance of ensuring that they install the updates that are rolled out by their IT team."