EVEN THE BEST
Cyberattacks. Unfortunately, they happen to the best of us. Even with superlative cybersecurity there is always a risk that your IT network and its data will fall prey to bad actors. The situation is made worse by the fact that it is not always easy to recognise that an attack is happening at all. IBM's 2020 Cost of a Data Breach report found that companies take on average 207 days to identify a data breach and another 73 days to contain it. SolarWinds is a case in point. Attackers gained access to the Texas-based software company's environment in September 2019 and, from March 2020, a backdoored update of its Orion product was shipped to thousands of customers, among them government agencies and large private companies. The compromise was only publicly reported in December 2020, so the Russian state attackers had well over a year of undetected access. But while a cyberattack may be unavoidable, there is a great deal you can do to manage it and contain the damage.
HAVE YOU BEEN HACKED?
Put simply, the quicker you detect a hack the quicker you can deal with it. Ransomware and DDoS attacks are relatively easy to identify because their effects are immediate: files become unreadable, services stop responding. Phishing is often noticed and reported by the recipients themselves, and if you have endpoint protection and monitoring in place you will be alerted when it recognises an incident. But attackers often go to great lengths to cover their tracks, and a quiet, long-running intrusion such as cyber espionage can be much harder to spot. Warning signs that you may have been hacked include higher-than-normal network usage or a network that has become sluggish and slow; unusual password activity (bursts of failed logins, resets nobody requested, logins at odd hours or from unfamiliar locations); missing or altered data; changes to account access, or losing access to accounts altogether; and applications that keep crashing.
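One of the signs above, unusual password activity, is easy to check for in the logs you already have. The following is an added example for this article, not code from the original page: it parses sshd-style lines from auth.log and flags a burst of failed logins from one address, and a successful login that follows such a burst. The log lines are constructed for illustration, and the thresholds (5 failures within 10 minutes, and at least 3 failures before a success counts as suspicious) are assumptions to tune for your own environment.

```python
"""Detect brute-force style password activity in sshd-style auth logs.

Added example for this article, not code from the original page.
Sample lines are constructed; thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
# 203.0.113.7 hammers several accounts and then gets in as 'deploy';
# alice mistypes her password once, which should NOT raise an alert.
SAMPLE_LOG = """\
Mar 14 02:10:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 14 02:10:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 14 02:10:06 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar 14 02:10:09 web01 sshd[2207]: Failed password for deploy from 203.0.113.7 port 50128 ssh2
Mar 14 02:10:12 web01 sshd[2209]: Failed password for deploy from 203.0.113.7 port 50130 ssh2
Mar 14 02:10:15 web01 sshd[2211]: Accepted password for deploy from 203.0.113.7 port 50132 ssh2
Mar 14 09:00:00 web01 sshd[3100]: Accepted publickey for alice from 198.51.100.20 port 40001 ssh2
Mar 14 09:30:00 web01 sshd[3150]: Failed password for alice from 198.51.100.20 port 40007 ssh2
Mar 14 09:30:10 web01 sshd[3151]: Accepted password for alice from 198.51.100.20 port 40008 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log, year=2024):
    """Return a list of (timestamp, result, user, ip) for login lines.

    syslog lines carry no year, so one is supplied (assumed here).
    Lines that are not login results are ignored.
    """
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def find_suspicious(events, max_failures=5, window=timedelta(minutes=10),
                    min_failures_before_success=3):
    """Return alerts as (ip, kind, detail) tuples.

    'burst': at least max_failures failed logins from one IP inside window.
    'success_after_failures': a successful login from an IP that failed at
    least min_failures_before_success times inside the window beforehand.
    """
    alerts = []
    recent_failures = defaultdict(list)  # ip -> timestamps inside the window
    for ts, result, user, ip in sorted(events, key=lambda e: e[0]):
        # Forget failures that have fallen out of the sliding window.
        recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window]
        if result == "Failed":
            recent_failures[ip].append(ts)
            if len(recent_failures[ip]) == max_failures:
                alerts.append((ip, "burst",
                               f"{max_failures} failed logins within {window}"))
        elif len(recent_failures[ip]) >= min_failures_before_success:
            alerts.append((ip, "success_after_failures",
                           f"login as {user} after "
                           f"{len(recent_failures[ip])} failures"))
    return alerts


if __name__ == "__main__":
    for ip, kind, detail in find_suspicious(parse(SAMPLE_LOG)):
        print(f"{ip}: {kind}: {detail}")
```

The one-failure-then-success for alice is deliberately below the threshold: a user mistyping a password is normal, five different accounts failing from one address in a few seconds and then succeeding is not. Run the same logic over your real auth.log, and then over your VPN and web application logs, which carry the same pattern in a different format.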
UNTARGETED OR TARGETED
Once you know that you have been breached, the next step is to identify the type of attack and, ideally, its source. Knowing this, you will be able to ascertain the extent of the attack and its probable impact. The UK National Cyber Security Centre (NCSC) classifies cyberattacks into two groups:
- Un-targeted attacks, where attackers indiscriminately go after as many devices, services or users as possible, for example through phishing, water-holing, scanning or ransomware.
- Targeted attacks, where your business is of specific interest to the attackers, or someone has paid them to target you. These can include spear-phishing, deploying a botnet against you or subverting your supply chain.
Having identified the attack, you’ll be able to focus your efforts on containing it and recovering from it.
REIN IT IN
Attackers who have established a foothold, whether a backdoor, stolen credentials or a keylogger, want to keep it: a quiet, persistent presence lets them extract data over a protracted period. Once you have identified the type of attack, it is vital to deny them all access to your systems. Before you pull the plug, capture what evidence you can (running processes, active network connections, logged-in sessions, logs), because the investigation that follows will depend on it. Then, irrespective of the type of attack you have suffered, you should:
- isolate the affected systems from the internet and from the rest of your network
- disable all remote access (VPN, RDP, SSH) until accounts and devices have been verified
- route whatever traffic must continue through monitored paths so you can see any further attacker activity
- reset every potentially compromised password and revoke active sessions and tokens, doing this only after the attacker's access has been cut, or they will simply capture the new credentials
- review and tighten firewall rules rather than leaving them as they were
- apply all outstanding security patches
You can then set your mind to returning your network to a secure working state.
HOW BAD IS IT?
Next up you need to determine the extent of the damage. Here are some good questions to ask:
- Which critical business functions have been compromised?
- What data has been breached?
- Which systems have been illicitly accessed?
- Do any vulnerable entry points to your network remain?
Accurately assessing the damage tells you what has to be restored and helps you prevent the same kind of attack from happening again.
RECOVER AND REPAIR
Ideally, your business should have both a disaster recovery plan and a cyber recovery plan. The former is designed to restore business continuity after any disruptive event, a cyberattack included. Cyber recovery, on the other hand, is concerned with protecting your data assets and preventing future data loss. A rigorous cyber recovery plan includes a detailed cyber incident response plan that assigns responsibilities to teams and contains all the steps your business should take to recover as painlessly as possible. Typically, the recovery and repair process means:
- restoring data and resuming operations from secure backups that have been verified intact and that pre-date the compromise, so you do not restore the attacker's changes along with your data
- recovering or rebuilding lost data
- rebuilding compromised systems from known-good images, and repairing or replacing any damaged hardware
- analysing and improving your cybersecurity procedures
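Picking the right backup is the step most often rushed. The following is an added example for this article, not the page's or any backup vendor's code: it walks a backup catalogue and accepts a restore point only if its manifest still verifies against a key held offline (so an attacker on the network could not have altered it) and it was taken before the earliest known attacker activity. The catalogue, the offline key and the compromise timestamp are all constructed or assumed for illustration.

```python
"""Choose a safe restore point from a backup catalogue.

Added example for this article, not code from the original page.
Catalogue entries, the offline key and the compromise time are constructed.
"""
import hashlib
import hmac
import json
from datetime import datetime

# Assumed: a key kept out of band (offline), so a manifest digest cannot be
# forged by someone who has compromised the network.
OFFLINE_KEY = b"example-key-held-offline"


def manifest_digest(manifest, key=OFFLINE_KEY):
    """HMAC-SHA256 over a canonical JSON encoding of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def make_backup(name, taken_at, files, key=OFFLINE_KEY):
    """Catalogue entry: manifest (name, ISO timestamp, path->sha256) + digest."""
    manifest = {"name": name, "taken_at": taken_at, "files": dict(files)}
    return {"manifest": manifest, "digest": manifest_digest(manifest, key)}


# Constructed catalogue of three nightly backups.
GOOD_FILES = {"/etc/ssh/sshd_config": "a1" * 32, "/var/www/app.py": "b2" * 32}
CATALOGUE = [
    make_backup("nightly-2024-03-10", "2024-03-10T01:00:00", GOOD_FILES),
    make_backup("nightly-2024-03-13", "2024-03-13T01:00:00", GOOD_FILES),
    make_backup("nightly-2024-03-15", "2024-03-15T01:00:00",
                {**GOOD_FILES, "/var/www/app.py": "c3" * 32}),
]
# Simulate tampering: the 03-13 manifest is edited after the digest was made.
CATALOGUE[1]["manifest"]["files"]["/var/www/app.py"] = "dd" * 32


def choose_restore_point(catalogue, first_compromise, key=OFFLINE_KEY):
    """Return (chosen backup name or None, {rejected name: reason}).

    A backup is usable only if its manifest digest verifies against the
    offline key and it was taken before the earliest known attacker activity.
    Among the usable ones, the most recent is chosen.
    """
    compromise = datetime.fromisoformat(first_compromise)
    rejected = {}
    candidates = []
    for backup in catalogue:
        m = backup["manifest"]
        if not hmac.compare_digest(manifest_digest(m, key), backup["digest"]):
            rejected[m["name"]] = "manifest digest mismatch"
            continue
        if datetime.fromisoformat(m["taken_at"]) >= compromise:
            rejected[m["name"]] = "taken after first compromise"
            continue
        candidates.append(backup)
    if not candidates:
        return None, rejected
    chosen = max(candidates, key=lambda b: b["manifest"]["taken_at"])
    return chosen["manifest"]["name"], rejected


if __name__ == "__main__":
    # Assumed: the investigation dated the first attacker login to 14 March.
    chosen, rejected = choose_restore_point(CATALOGUE, "2024-03-14T02:10:01")
    print("restore from:", chosen)
    for name, reason in rejected.items():
        print("rejected", name, "-", reason)
```

Note the order of the two checks: integrity first, then date, and a catalogue in which nothing passes returns None rather than the "least bad" backup. The compromise date comes from your investigation, so it is worth re-running this selection if later evidence pushes that date earlier.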
LET THE ICO KNOW
In the UK, a personal data breach that is likely to pose a risk to the people affected must be reported to the Information Commissioner's Office (ICO) within 72 hours of your becoming aware of it, and where the risk is high the affected individuals must be told as well. Reports can be made at www.ico.org.uk. The ICO may, with good cause, share details of the cyberattack with the NCSC, other UK and international regulators and law enforcement agencies. The ICO can take regulatory action against any business that has not taken adequate steps to protect data, does not manage a breach effectively, or fails to report it.
TELL YOUR CUSTOMERS
“Let’s keep it a secret” is not a good plan of action following a cyberattack. You owe it to your customers, stakeholders and everybody else affected to notify them, especially if any of their personal data has been compromised, and speed is of the essence. Proactively managing the public impact of the breach will curb the reputational damage to your business in the long run. You could even issue a press release about the incident. Being upfront and transparent goes a long way towards maintaining public trust.
LEARN FROM MISTAKES
Having been through one cyberattack, you will not want history to repeat itself. Conduct a thorough investigation and work out how to change your processes and procedures to ward off future attacks. Use the incident to get smarter and stronger about your company's cyber hygiene and cybersecurity. Dr Christoph Frei, Secretary General of the World Energy Council, once said:
“We’re in the stone age of cyber security. Real learning will only come after the 1st major incident.”
PROTECT IT BETTER
The best way to stave off a cyberattack, targeted or not, is to have good cybersecurity in place before it happens. And this is where I can help. I have more than 20 years of experience in professional business IT support, specializing in cybersecurity and risk mitigation. If you have any concerns about your cybersecurity procedures or the state of your cyber hygiene, please give me a shout. Though I can't guarantee that you will never be hacked, if it does happen you will bounce back even stronger than before.