What to do if a company is under cyberattack?

Ajay Krishna
Published in BeyondX
Aug 29, 2020

With all different types of malware and cyber-attacks rising day by day, it is also important to know what to do when you are under any type of cyber-attack.

Regardless of how big or small your business is, if your data, important documents, or customer information is exposed, recovering from the aftermath could be difficult.

What can we do to avoid cyber-attacks?

Fully understand your risk profile

By knowing your industry and its attack vectors, what is valuable to your organization, and how to protect those assets, security personnel can effectively create, support, and promote cybersecurity initiatives. Identify and classify the different cyberattack scenarios that apply to your organization.

Enforce policies

Policies can be as simple as a strong password, but should ideally go well beyond passwords. Security policies should be documented and automated wherever possible to avoid human error or omission. Circling back to Executive Support, policies should be a part of the culture that everyone chooses to follow. Also, keep things simple so that non-IT executives can understand.

Train your employees

Security awareness is crucial to creating a security culture within an organization. Your employees should be aware of your business’s policies regarding data breaches, and there should be specialized training for those who handle the most sensitive data in the company.

Also, consider restricting your employees’ access to data based on their job roles.

Keep an offline backup of critical data

Data is the lifeblood of an organization. Data loss is often as damaging to an organization, both financially and to its brand, as a data breach, and many companies never recover after a data breach event. So it is always important to keep a copy of critical data in a secure offsite location.

Keep systems updated

Another direct method for avoiding a breach is simply to apply security patches to software and hardware systems on a prompt and routine schedule.

Invest intelligently in security

Information overload prevents many organizations from making intelligent security decisions. There are a thousand vendors pitching a thousand variants of “best practice” security models. Create a plan based on the needs of the organization and implement policies and tools that augment the plan.

Make sure you are covered

If the worst does happen and you’re facing the repercussions, your final line of defense is a watertight and specialist cyber insurance policy. Bear in mind that insurance policies can vary significantly, so be sure to seek specialist advice regarding the best option for your needs and how these might change over time. Some insurance policies will also offer an immediate response plan and external expertise as part of your cover, giving you one less thing to worry about.

While it seems like a scary world out there, with the right tools, you can protect your enterprise from cybersecurity threats.

Shift from Remediation to Prevention

Many large organizations have sophisticated network security mechanisms. These include security-oriented network designs, network intrusion prevention systems, and the more traditional systems like enterprise antivirus, firewalls, group policy, and patch deployment. These systems have been effective at preventing most attacks, and are somewhat effective at helping to identify where a breach may have occurred, but they are not sophisticated enough for more advanced attacks, which are often the most damaging. For an organization to move ahead of the threat of cyberattacks, it must go beyond traditional security systems and shift its focus to more preventative solutions. Organizations must invest in tools that keep them ahead of attackers, with a focus on prevention. Below are some examples of preventative tools and techniques that organizations can invest in:

Threat Detection.

Organizations should focus on investigating and learning about breach attempts. An effective detection and response system should be implemented.

Network Traffic Inspection.

Network traffic inspection is essential for anticipating cyberattacks. A good network engineer should be asked to perform network traffic analysis as a daily routine.

Network Segmentation.

Many organizations are segmenting business units at the network level, using VLAN technology. This type of segmentation ensures that in the event of a cyberattack, problem areas are isolated while they are investigated.

Penetration Testing.

Penetration testing should be performed on a continual basis, to ensure that network security is maintained at the highest level. In addition to network penetration testing, social penetration testing should occur, to ensure that employees are trained on safe business communications practices.

Some companies which have been affected by cyberattacks

How to respond to a breach?


Survey the damage

Following the discovery of the breach the designated information security team members need to perform an internal investigation to determine the impact on critical business functions. This deep investigation will allow the company to identify the attacker, discover unknown security vulnerabilities, and determine what improvements need to be made to the company’s computer systems.

Contain the damage

The next step is to keep the attack from spreading. While you may be tempted to delete everything after a data breach occurs, preserving evidence is critical to assessing how the breach happened and who was responsible. Also, taking everything offline is a bad idea because it tells the attackers they have been spotted: they will go silent so you cannot identify them, and you will still lose a lot of data. Here are things to do to contain a breach:

  • Change passwords
  • Disable remote access
  • Re-route network traffic
  • Isolate all parts of the compromised network, for example by unplugging the LAN cables so the threat stays contained inside the affected unit
  • Install any pending security updates or patches

You also need to make sure that the root cause or causes of the attack or breach aren’t still lingering in the system. Once you have ascertained that everything is safe and that the first responders have properly documented the incident, they will have to look at all of the assets within the company and check for damage. Consult your detection technologies to make sure there are no additional threats within the network.

Record and investigate the damage

You may be able to pinpoint how the breach was initiated by checking your security data logs through your firewall or email providers, your antivirus program, or your Intrusion Detection System. If you have difficulty determining the source and scope of the breach, consider hiring a qualified cyber investigator.

Aside from reconstructing the narrative behind the cybercrime, the team should also document every step of the investigation. It is always best practice for the information security team to keep a written log of what actions were taken to respond to the breach, for future reference. That information should include:

  • Affected systems
  • Compromised accounts
  • Disrupted services
  • Data and network affected by the incident
  • Amount and type of damage done to the systems

This is important since auditors and investigators from the government will verify and check the extent of actions the company has taken to investigate and remediate the issue.
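As an added illustration of reconstructing the narrative from the log sources named above (example code written for this page, not from the article; the log formats, hosts and the `jsmith` account are constructed), the block below merges firewall, IDS and login logs into one timeline, follows the attacker from host to host, and fills in the affected systems and compromised accounts that the written incident log should record:

```python
# Added example: correlate constructed firewall, IDS and auth log lines into one
# timeline and derive incident-record fields (affected systems, compromised accounts).
import re
from datetime import datetime

# Constructed sample lines. The formats are assumptions, not any vendor's real format.
FIREWALL_LOG = """\
2020-08-20T09:14:02Z ALLOW src=203.0.113.7 dst=10.0.5.21 dport=3389
2020-08-20T09:14:40Z ALLOW src=203.0.113.7 dst=10.0.5.21 dport=3389
2020-08-20T10:02:11Z DENY src=10.0.5.21 dst=10.0.5.40 dport=445
"""
IDS_LOG = """\
2020-08-20T09:15:05Z ALERT sig="RDP brute force" src=203.0.113.7 dst=10.0.5.21
2020-08-20T09:58:30Z ALERT sig="SMB lateral movement" src=10.0.5.21 dst=10.0.5.40
"""
AUTH_LOG = """\
2020-08-20T09:14:41Z LOGIN_OK user=jsmith host=10.0.5.21 src=203.0.113.7
2020-08-20T09:57:55Z LOGIN_OK user=jsmith host=10.0.5.40 src=10.0.5.21
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse(source, text):
    """Turn one log source into event dicts with a real timestamp."""
    events = []
    for line in text.splitlines():
        ts, kind, rest = line.split(" ", 2)
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append({"time": when, "source": source, "kind": kind, **fields})
    return events

def build_timeline(*sources):
    # sources are (name, text) pairs; the merged list is sorted chronologically
    return sorted((e for s, t in sources for e in parse(s, t)), key=lambda e: e["time"])

def incident_record(timeline, attacker_ip):
    """Follow the attacker's pivots: every host it reached becomes a source to watch."""
    suspect = {attacker_ip}
    affected, accounts = set(), set()
    for e in timeline:
        if e.get("src") not in suspect:
            continue
        hosts = {h for h in (e.get("dst"), e.get("host")) if h}
        affected |= hosts
        suspect |= hosts
        if "user" in e:
            accounts.add(e["user"])
    first = min(e["time"] for e in timeline if e.get("src") == attacker_ip)
    blocked = [e for e in timeline if e["kind"] == "DENY" and e.get("src") in suspect]
    return {"affected_systems": sorted(affected), "compromised_accounts": sorted(accounts),
            "first_contact": first, "blocked_attempts": blocked}
```

Feeding the three constructed logs and the attacker address `203.0.113.7` to `incident_record` yields both internal hosts as affected, `jsmith` as the compromised account, the first contact time, and the one firewall denial that marks where the lateral movement was stopped.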

Inform Law Enforcement and the Authorities

When a cyber-attack occurs, law enforcement must enter the picture as soon as possible. The problem with delaying this particular step is that it could be taken as a sign of culpability in the attack. Companies that fail to report an attack to law enforcement usually do so because they think an investigation will halt operations, but agencies like the FBI will work in a non-disruptive way and cooperate with the victims of an attack.

Your Legal Response

There are numerous legal issues to consider, particularly since the introduction of the GDPR last year. These include informing the Information Commissioner’s Office (ICO) of the breach, defending your business against any claims of malpractice, as well as managing your approach to customers and the media. For this, you’ll need a good lawyer, ready to support you from the moment you’re aware of the problem.

Manage the fallout

Notify managers and employees of the breach — If a breach puts an individual’s information at risk, they need to be notified. Communicate with your staff to let them know what happened. Define clear authorizations for team members to communicate on the issue both internally and externally. Remaining on the same page with your team is crucial while your business is recovering from a data breach.

Notify customers — You have to inform your customers if their data has been stolen, or contact your bank should you believe your finances have been compromised. Communication can be key to maintaining positive, professional relationships with your patrons.

In case of financial compromise, you may need to take steps such as freezing or closing your accounts, even if no money has yet been lost, to bar the thief from accessing the accounts in the future.

A data breach can be stressful, but as long as you take the right steps, your business will be better prepared to recover successfully. Moving forward, conduct frequent security checks to help reduce the likelihood of an incident occurring again in the future.

Learn from the breach

Since cybersecurity breaches are becoming a way of life, it is important to develop organizational processes to learn from breaches. This enables better incident handling, should a company be affected by a breach in the future.
