The National Cyber Security Centre (NCSC) has published guidance to help small to medium sized organisations prepare their response to, and plan their recovery from a cyber incident.
The NCSC define a cyber incident as unauthorised access or attempted access to an organisation’s IT systems. These may be malicious attacks (such as malware infection, ransomware or phishing attacks) or could be accidental incidents (such as damage from fire, flood or theft). The new guidance maps out a response to an incident over the following five stages:
- Preparation for incidents
- Identifying what’s happening
- Resolving the incident
- Reporting the incident to wider stakeholders
- Learning from the incident
The guidance includes practical advice on what to do at each stage.