New Cyber Guidelines

Chris Swagler | April 5th, 2024


The United Kingdom National Cyber Security Centre (NCSC) has issued new cyber guidelines to help CEOs in both the private and public sectors understand how to manage and respond to cybersecurity incidents. The guidelines, which are intended to supplement the existing Board Toolkit support package, serve as non-technical guides to assist business leaders in navigating the different courses of action that will be required while their IT and security teams are working hard. If companies become victims of significant cyberattacks, the immediate aftermath will be challenging, and they may notice that certain areas have large amounts of information available while others have none. Companies will have to make challenging risk-based decisions to protect their operations. Companies’ goals will be to minimize the impact on their business, clients, and employees in the following weeks and months. With incident response involving security, business continuity practices, internal and external communications, and potentially financial and legal teams, the NCSC stated that proportionate and effective governance is becoming increasingly important for companies.

The first step is to appoint a dedicated senior responsible officer (SRO) or create more comprehensive governance command structures, including the well-known three-tier bronze-silver-gold command structure employed by the United Kingdom’s emergency services. Additionally, CEOs need to oversee the structures’ implementation to assist their teams in making effective decisions, accounting for the incidents’ full impact across the entire company, encouraging collaboration between those managing the response, and empowering senior decision-makers by clarifying how and why the more technical aspects of cyber incidents will affect them in practice. Companies must be ready to accommodate a thorough response to incidents alongside numerous demands, including discussions with the board, customers, users, media outlets, and other stakeholders such as regulators and insurance companies.

Need External Support

Having immediate access to external resources for assistance and support during cyber incidents is critical; therefore, the structures need to be put in place while the sun is still shining. CEOs need to surround their teams with third-party cyber professionals; individuals who can step back and think things through objectively can significantly improve the quality of decision-making during incidents and assist victims in better managing legal, technical, operational, and communications considerations. The NCSC notes that numerous cyber incident response companies are available; however, the guideline also states that cyber insurance carriers may choose to deploy their own in-house or preferred incident responders and must be kept informed.

Ransomware Demands

In ransomware attacks, companies’ executives must weigh the risks of paying the demands to recover their data and systems. Cybercriminals frequently set strict deadlines, act aggressively, and lie to extract money from their victims. Companies need to be prepared to handle cybercriminals’ tactics. Currently, there’s no provision preventing private sector companies in the United Kingdom from paying ransoms, though pressure for change is mounting. However, neither the NCSC nor the United Kingdom’s law enforcement encourages, endorses, or condones paying ransom demands. There’s no guarantee that cybercriminals who are paid will act in the victims’ interests, and paying outrageous demands has been shown to increase the likelihood that the victims will be targeted again.

Mental Health

CEOs need to prioritise employees’ morale and wellness during cyberattacks, since stress and uncertainty can be extremely detrimental to incident response. The NCSC notes that this will need to be a continuing process; beyond an initial burst of activity, cyber incidents frequently have long tails with impacts that last months or years, particularly if regulators become involved. Teams must make crucial decisions throughout the process; therefore, good wellness practices are critical in assisting companies and help retain workers in the long run.

Beyond Resolution

When the cyberattacks have passed, companies will frequently face many questions, which can be extremely daunting, about the risks to client and staff data, so the impacts of all breaches must be properly communicated to the victims as well as to law enforcement, incident responders, insurers, and regulators. The Information Commissioner’s Office continues to provide comprehensive guidelines on the topic, including the 72-hour reporting framework for breaches. Good and honest external public relations will reassure staff while also protecting the company’s overall reputation. Communications need to be factual and straightforward, with no attempt to mislead or downplay the situation, which could cause problems and harm trust in the future. The communication plans, and who receives which details, need to be planned out ahead of time. The complete transparency strategy is not for everyone; however, the British Library, which published an in-depth report on its experience with a ransomware attack in March 2024, sets a gold standard for incident communications best practices.

The NCSC advised CEOs to analyze the lessons from incidents, including debriefing sessions with those involved to determine what went right, what went wrong, and what could have been done differently. To be effective, the process requires a genuine willingness to learn from the experience and understand what caused it; thus the reviews need to be systemic and, more importantly, must not pin the incident on a single underlying reason or blame one person. The goal is not to punish but to prevent and prepare; therefore, everyone involved must grasp the numerous factors surrounding the incidents and how they relate to one another.

The NCSC’s guidance provides CEOs with a roadmap for navigating cyber incidents. It underscores the importance of preparation, planning, communication, incident response planning, understanding of legal and regulatory requirements, and learning from incidents. By adhering to these guidelines, CEOs can better equip their organizations to prevent, detect, and respond to cyber incidents, thereby reducing the potential impact on their organization. The NCSC’s guidance serves as a timely reminder for all business leaders about the importance of cyber security in today’s digital age. It is hoped that CEOs will take note of these guidelines and incorporate them into their strategies to ensure the security and resilience of their organizations against cyber threats. At SpearTip, our Incident Response Planning (IRP) service provides a comprehensive evaluation of a client’s current IRP. If none is currently in place, the Advisory Services team will draft and provide a plan that is unique to the client’s needs and operations. Our tabletop exercises help organizations determine their maturity in responding to a breach. We take real-world threats and apply them to the exercises to ensure there are no single points of failure. Our team walks the company’s executive team through a simulated cybersecurity incident to help prepare an effective response to an event.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.
