Recovery from a Cyberattack: What You Need to Know

by Daniel Williams - Mar 1, 2018

It's the type of situation that absolutely nobody wants to find themselves in. One minute you're at an afternoon meeting, talking with employees about that big project you're working on for your most important client. The next minute you've got a member of your IT staff rushing to the room, letting you know that they've detected suspicious activity on your network.

They dig a little deeper and confirm your worst fears — your organisation has been hacked and has lost valuable, confidential data. It is difficult to think about the massive repercussions to your business, clients, and customers. How did you not see this coming?

It's a problem that more and more business owners are likely to find themselves in over the next few years, particularly since cybercrime is on the rise. In 2016 alone, cybercrime cost the global economy a staggering $450 billion. During the same year, more than two billion personal records were stolen — and that was just in the United States. There's a reason why the cybersecurity unemployment rate is literally at 0%, and this is a problem that isn't going to go away anytime soon.

Statistics like these underline why a solid disaster recovery plan is so critical to combat the aftereffects of a data breach or other cybercrime events. You can't go back in time and prevent the attack from happening; that is essentially out of your control. What you can control, however, is what happens next and what you learn from the entire situation.

Identify and Isolate the Breach

While the breach itself is still going on, the most critical thing that you and your IT security teams can do is A) identify the breach and its ultimate cause, and B) isolate it before it does any further damage.

If a particular computer in your office was struck with a piece of malicious software like ransomware, for example, you need to get that machine disconnected from the network as quickly as possible before hackers can gain access to other data in your network. However, your actual response will depend on the type of malware or hack that you're currently dealing with.

During these initial hours, you'll also need to see what, exactly, was compromised. Was anything stolen? Was anything destroyed? What is the extent of the damage from a purely raw-data perspective? These are important questions that you need to address to prepare for what is about to happen next.

Notify Everyone

The next thing you need to do when recovering from a cyberattack involves notifying all relevant parties, including your customers, that the attack has taken place. Keep in mind that new legislation is now penalising businesses that do not adhere to data breach notification requirements.

If you fail to notify everyone who needs to know within the appropriate amount of time, your business could be liable for up to $1.8 million in fines and your directors could get hit with $360,000 per breach. Based on that, it's safe to say that you need to make notifying the public about a breach to customer data a top priority.

This will also be an excellent opportunity to consolidate your legal defence. Always review your responsibilities (both in a legal and a regulatory sense) with your legal counsel before you proceed. Find out exactly who you have to notify (clients, vendors, or other partners), find out when they have to be notified by, and work out what you have to tell them.

Prevent Future Breaches

Though it may be difficult, you'll want to recognise this time for what it really is — a learning opportunity, albeit a costly one. Your system had one or more vulnerabilities that were taken advantage of by someone who knew what they were doing. Now, it's time to make the changes necessary to prevent further breaches.

This is another one of the many areas where third-party security professionals can be of help, both in terms of identifying the network vulnerabilities that were used in the first place and securing other weak points that could lead to another breach.

While it's true that no network is impenetrable, preventing further breaches by way of due diligence and layering security is absolutely critical moving forward. 

Ongoing Employee Training

You'll also want to take this time as an opportunity to refresh your employee training practices to help make sure that they don't unwittingly open up your network to hackers in the future. Cyber attacks like malware, ransomware, phishing attacks and more usually succeed because of good old-fashioned user error. Training and proactively educating your employees are the best preemptive approaches you can take to prevent cyber attacks from ever happening.

Actively teach your employees how to identify malicious emails. Educate them about how important it is to change their passwords regularly and to not click on suspicious links in emails with unknown senders. Your network defences and your IT security staff will thank you for it. 

Improve Your Security Solutions

Finally, you need to come to terms with the fact that, in spite of the security efforts your SME currently has in place, you can still become the victim of a hack. Maybe you’ve allowed your security software to fall out of date. Maybe you simply lack the manpower necessary to proactively and consistently protect yourself in the first place. Regardless of the reason, changes are in order and they need to be implemented sooner rather than later.

Partnering with a managed services provider like Powernet, for example, is a great way to tackle many of these challenges all at the same time. By outsourcing some or even all of your infrastructure to a trusted third party, you can leverage all of their expertise to your advantage with as few of the downsides as possible. They can take over your security operations on your behalf, making sure that everything is updated and protected at all times — no exceptions.

To find out more information about what your SME can do to recover from a cyberattack, or to learn more about how a managed services provider can help take your cybersecurity efforts to the next level, don't delay — contact Powernet today. 
