How to Respond to a Cyber Attack?

By Abey Koshy Itty
Published on 23 Nov 2020

Over the past few years, the size and magnitude of cyber security breaches have increased. More often than not, we underestimate the possibility of falling prey to a cyber attack. Small businesses feel like they’re too small to be attacked and larger companies like to believe that they have all the right protective measures in place to stay safe from cyber attacks.

In the case of a larger company, a security breach could just mean a negative reputation and financial losses that can be eventually covered. But for a smaller company, it can mean the end of their business if it’s not addressed in the correct way.

In reality, the amount of security in place or the scale of a business does not decrease the chances of falling prey to a cyber attack.

Companies should have a clear understanding of how to respond to and recover from a cyber-attack. The default should be to turn to your cyber security incident response plan to take action immediately and better contain or reduce the impact of a cyber-attack. But unfortunately, as the stat below indicates, the majority of businesses do not have one.


So, if you’re at the receiving end of a cyber security incident, here’s what you should do.

Identify the threat

First, it’s important to understand the extent of an attack and its source, and to take further measures to limit its severity. There are a number of questions that your team should be finding answers to. Depending on what was infected, assess:

  • Who had access to it internally?

  • How was the attack initiated?

  • Are any online resources unavailable or having performance issues?

  • Are any files inaccessible?

  • What information was accessed?

  • Who may have been affected?

  • Which network connections were active when the breach occurred?

  • Have access credentials been changed?

  • Is any system functioning abnormally?

  • Are further business functions being affected with time?

These basic questions are a great place to start narrowing down what is happening and determining whether, and how, it is spreading. An initial assessment will help determine the type of damage inflicted and the kind of remediation and assistance your organization might need.

With further investigation, you can also determine whether it was a targeted attack or you were breached as part of a mass attack.

If you don’t have a qualified internal team that can handle it, you should consider hiring cyber security specialists who can help you pinpoint the attack vector and suggest further measures.
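
One way to answer the question "Which network connections were active when the breach occurred?" is to filter exported connection records against the suspected breach window. This is an added example, not part of the original article; the CSV layout, host addresses and timestamps are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample connection log (start, end, source, destination, port).
# An empty end time means the connection was still open when the log was exported.
SAMPLE_LOG = """start,end,src,dst,dport
2024-01-15T08:10:00,2024-01-15T08:40:00,10.0.0.12,10.0.0.5,445
2024-01-15T08:55:00,2024-01-15T09:30:00,10.0.0.31,10.0.0.5,3389
2024-01-15T09:05:00,,10.0.0.44,10.0.0.5,22
2024-01-15T10:15:00,2024-01-15T10:20:00,10.0.0.12,10.0.0.5,443
"""


def active_during(log_text, window_start, window_end, host):
    """Return connections involving `host` that overlap the breach window."""
    w_start = datetime.fromisoformat(window_start)
    w_end = datetime.fromisoformat(window_end)
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if host not in (row["src"], row["dst"]):
            continue
        start = datetime.fromisoformat(row["start"])
        # Open-ended connections are treated as still active.
        end = datetime.fromisoformat(row["end"]) if row["end"] else datetime.max
        # Two intervals overlap when each one starts before the other ends.
        if start <= w_end and end >= w_start:
            hits.append((row["src"], row["dst"], int(row["dport"])))
    return hits


def peers_by_count(hits, host):
    """Count connections per remote peer, to show who talked to the host."""
    counts = {}
    for src, dst, _ in hits:
        peer = dst if src == host else src
        counts[peer] = counts.get(peer, 0) + 1
    return counts
```

Connections that started before the window but were still open during it are included, which is where simple "started at" filters miss long-lived sessions.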

Contain the breach

After you have successfully identified the threat, it’s time to contain the breach effectively. The focus must be on limiting the effects of the cyber-attack and neutralising it as much as possible.

This could include isolating all or parts of the compromised network, filtering, blocking or re-routing traffic, disabling remote access and changing all passwords immediately.

Depending on the insights gained by the internal team or cyber security specialists, all access to your data must be limited and the threat must be contained properly.

Make detailed records

Keeping a record of everything that happened and the measures taken is important for reflecting on and learning from the experience.

The information recorded should include details of the compromised accounts, affected systems and services, actions taken to rectify the attack and how similar attacks can be prevented in the future.

Documenting detailed records helps in further assessing how mistakes could have been avoided and it prevents making repeated mistakes of the same nature.
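
The record fields listed above can be kept in an append-only log in which each entry includes the hash of the previous one, so later edits or deletions are detectable when the records are reviewed or handed over. This is an added example, not part of the original article; the field names, the hash-chain design and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value used by the first entry


def _digest(body):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log, accounts, systems, action, prevention="", when=None):
    """Append one record; each entry commits to the hash of the one before it."""
    body = {
        "time": when or datetime.now(timezone.utc).isoformat(),
        "compromised_accounts": sorted(accounts),
        "affected_systems": sorted(systems),
        "action_taken": action,
        "prevention_note": prevention,
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    entry = dict(body, hash=_digest(body))
    log.append(entry)
    return entry


def verify_log(log):
    """Return the index of the first altered or missing-link entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev_hash"] != prev or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


def build_sample_log():
    # Constructed sample data, not taken from a real incident.
    log = []
    append_entry(log, ["j.doe"], ["mail-gw"], "Disabled remote access",
                 when="2024-01-15T09:00:00+00:00")
    append_entry(log, ["j.doe", "svc-backup"], ["fileserver-01"],
                 "Isolated network segment and reset all passwords",
                 "Enforce MFA on remote access", when="2024-01-15T09:20:00+00:00")
    return log
```

Storing the latest hash somewhere outside the log (for example in a ticket or an e-mail to the response lead) also makes truncation of the most recent entries detectable.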

Disclose the breach

Notifying authorities and regulatory bodies about a security breach at your organisation is a key step in responding to a cyber attack. Companies often hesitate to reach out to the authorities, worrying about the aftermath and how it might disrupt their business.

There’s also confusion around how to report an incident and what evidence should be handed over to a law enforcement agency.

Ideally, you should have contact with law enforcement agencies during the early days of your company so that you have awareness about how to deal with a cyber attack, instead of panicking when the moment arrives.

Communicating and being transparent with your customers is another important step in the response process. If an individual’s information is at risk, they have every right to know about it and responsible disclosure helps in maintaining a positive relationship built on trust with your customers.

Moving forward

There are always a lot of takeaways and lessons to be learnt from a cyber security incident. Facing a security breach can be a very stressful and intimidating experience. But it prepares you for the worst and strengthens you to be better prepared for the future.

If your company doesn’t have a cyber security response plan, it should be a top priority moving forward. Without an up-to-date plan, you are more likely to commit costly mistakes and be clueless in the event of an attack.

Getting cyber liability insurance can also be a viable option depending on the scale of your business.

Conducting frequent security checks and addressing all security issues on a timely basis can help you to reduce the likelihood of future cyber security incidents. Staying informed about emerging threats and prioritising security measures accordingly should also be part of the company culture.

Even with the best cyber defence mechanisms in place, you cannot be 100% sure that you won’t be attacked. But how you respond to a cyber attack and prepare yourself for the future is what matters.


Written by Abey Koshy Itty, Marketing Manager