A cyber attack. You’d get shivers down your spine just thinking about it. As more of our lives- both personal and professional- are being moved online, the threat of a cyber attack increases, and with it the repercussions it would entail. We all have firewalls, anti-virus software, a few bulbs of garlic by the window, all to keep the bad from coming in. But eventually, regardless of what measures you take (most IT professionals would not recommend the garlic), there will be a breach. Speaking in statistics, 83% of businesses believe that the complexity of their organisational structures and IT infrastructure is putting their company at risk. And just think about what you have online; so much of your personal life, and your business. While both are sensitive (though I personally don’t really mind if my chocolate-eating habits become public knowledge), the latter could really affect your business reputation. While we all know that an attack is a real possibility, a lot of businesses haven’t really put much thought into it, and haven’t put a contingency plan in place.
So, what should you do in the case of a dreaded cyber attack?
Don’t panic- find out what happened
First of all, breathe. Until you know exactly what has been hacked into, there’s no point in fearing the worst and losing your cool- you’ll need it going forwards. Now, it’s important to find out what exactly caused the breach, and fast. Speed is a priority, and might just be what saves your reputation. What data has been compromised? How much data has been compromised? It’s also vital to determine whether you’re looking at a malicious attack or a technical glitch.
Secure your systems
Now that you know what exactly you’re dealing with, you need to contain the breach. You might think that the first course of action would be to shut everything down. Push that big red button, sound the alarms, go into lockdown. This may not be the best idea though; the hackers could sense that you’ve cottoned on and that could in turn make it harder to identify the culprits. Using another device, change your passwords and logins- the hackers may have installed software to track and record your movements. Implement a firewall on the affected machine to prevent it from broadcasting outside of your building. If you try to track down the source of the attack it may leave you open to further attacks. This is where good business continuity comes into play; even ten minutes of system downtime can be extremely costly, so switching over to an unaffected back-up can help minimise financial impact. So, does your IT solution include business continuity? Have a chat with our experts at Cetus to alleviate that worry.
Call in your legal army
As soon as you discover a breach, call in your army- of legal defence. If you don’t have a company lawyer, now is definitely the time to get one. There are plenty of legal issues to be considered, including whether or not to inform the regulator. In the UK, we have the Information Commissioner’s Office (or the ICO, who are spear-heading the GDPR movement in the country). Protecting your organisation from claims of malpractice is paramount. This includes how you will be informing those customers of yours that are affected. Clearly, having legal defence to point you in the right direction is crucial. At this point, it’s important to begin keeping detailed records of everything that happened and your steps to resolving the issue. Everyone who is participating in the incident response needs to keep detailed, ongoing accounts of what steps are being taken and why, as well as any costs incurred as a result of the attack. Things of particular importance to note: all incident-related communications, and the identity of the systems, services, accounts, network and data affected by the breach. Don’t forget to record all of the information that is related to the amount and the type of damage that has been inflicted.
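The record-keeping described above, as an added example that is not part of the original article: a hash-chained incident log in Python, where each entry commits to the one before it so that a later edit or deletion is detectable. The field names, the GBP cost field and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous hash" used by the first entry

def entry_digest(entry):
    # Hash every field except the stored hash, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, responder, action, reason, affected=None, cost_gbp=0.0, when=None):
    # Record who did what and why, what was affected, and any cost incurred.
    entry = {
        "seq": len(log),
        "time": (when or datetime.now(timezone.utc)).isoformat(),
        "responder": responder, "action": action, "reason": reason,
        "affected": affected or {},  # systems, services, accounts, network, data
        "cost_gbp": cost_gbp,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log):
    # Return the index of the first entry that breaks the chain, or None if intact.
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != entry_digest(e):
            return i
        prev = e["hash"]
    return None

def total_cost(log):
    return round(sum(e["cost_gbp"] for e in log), 2)

def build_sample_log():
    # Constructed sample entries; host and account names are hypothetical.
    t = lambda h, m: datetime(2024, 1, 1, h, m, tzinfo=timezone.utc)
    log = []
    append_entry(log, "j.smith", "Blocked outbound traffic from WS-014",
                 "Contain the breach without shutting systems down",
                 {"systems": ["WS-014"], "network": ["office LAN"]}, when=t(9, 5))
    append_entry(log, "a.khan", "Reset credentials from a clean device",
                 "Affected machine may be recording logins",
                 {"accounts": ["finance-admin"]}, 450.0, when=t(9, 40))
    append_entry(log, "j.smith", "Switched service to unaffected back-up",
                 "Minimise downtime", {"services": ["invoicing"]}, 1200.0, when=t(10, 15))
    return log
```

The chain only proves integrity up to a hash that is held outside the log, so pass the latest `hash` value to your legal counsel or another party at regular intervals.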
Stay alert- it might not be over yet
This is the last thing you want to hear, but realistically, it might not be the end of the nightmare. I know you just want to start putting things back together and start healing, but with the variety of scams at the moment, you might not know what you’ve fallen into. Depending on the nature of your attack, there might be more suitable incident plans to minimise damage. Ransomware attacks have been the most common form of attack recently, as criminals scare you into paying them for control over your computer. Get in contact with your leading anti-virus firm; they always keep on top of the latest attacks, and you might not be the only victim. Just make sure to keep your other devices secure- the hackers are also able to attack tablets and smartphones!
Hearing the word get out
Be prepared- you might be in the press spotlight after the attack. This is another reason why it is so important to work quickly and ensure that you take all the necessary steps to detail what you do to contain the breach and how you work towards minimising the damage. You’ll need to have a tailored statement ready as soon as possible- if you don’t have an internal PR department it would be worth investing in external support. But before the press even start reporting on the story, it is wise to inform your affected- or potentially affected- customers. It’s not a nice prospect, but the sooner your affected customers know that their data was part of the breach, the sooner they can take measures to protect themselves.
Learn from the attack- investigate!
You’ve made it, hopefully with minimum breach and your reputation still standing. But now is not the time to celebrate- it’s time to learn from the incident. Carry out a full investigation, determining how it occurred, its effects and any remedial factors that would prevent it from happening again.
And there we have it. While a cyber attack isn’t on anyone’s wishlist, these are some of the best ways of dealing with the aftermath. Not in the middle of a cyber attack right now? Come talk to one of our experts today to complete a complimentary security posture review, where we will analyse network traffic to detect a variety of security threats including malware infections, evaluate end-point security with focus on mobile device management, assess any threats posed within your infrastructure such as east-west traffic, and more.