When your company suffers an attack a lot of things happen. So get informed about what you should and shouldn’t do when your company is hacked.
Previously we have talked in this blog about cybersecurity, different attacks made to several companies, methods to keep you safe, among other topics; however, it is time to talk about the processes that occur after your company suffers an attack. We know that this can be a difficult thing to digest, depending also on the type and magnitude of attacks; but we also know that many times you don’t know how to react or what to do when this happens. So we bring you some tips on what to do and what not to do when your company is hacked.
What happens when companies are hacked?
There are many and varied consequences that occur after suffering a cyber attack. Depending on the severity, the company must make a payment to recover part of the information encrypted by the ransomware; also to replace or repair any hardware affected by a virus, physical attacks or infrastructure damage. There is a statistic made by Grant Thornton’s International Business Report; which states that 31% of companies in Europe have suffered attacks on their infrastructure or the objective of their attack was directly to cause damage; on the other hand, 14% have been victims of extortion as a target of attack; since they demand money in exchange for stopping attacking their systems.
Also between 5-6% have reported suffering direct theft, whether funds or sensitive customer information. Now, a somewhat curious factor that has arisen is that many of the companies take some time before they know they have been attacked. According to statistics; many companies take between 1 and 3 months to realize that they have been attacked; or that a cybercriminal has entered their system.
But why does this happen, because there are different factors that can determine this situation; it can happen that the methods used by hackers are very advanced compared to the security methods used by the company; so it is more difficult to detect than normal; another factor is the lack of knowledge or lack of concern that companies have about cybersecurity; it can also occur when companies are small or are conforming do not have a sufficient budget to meet the needs of a good cybersecurity service.
What should you do when your company is hacked?
Don’t panic: the first thing to keep in mind in this situation is to keep your feet on the ground; suffering a cyber-attack does not mean that you will lose your company or that you will lose a lot of money; so stay calm and think clearly; analyze what is happening and think about what are the next steps you should take now.
Respond quickly: when you have suffered an attack, it is best to have a good incident response plan; if you have a team that is responsible for this much better; if not, it would be appropriate to hire a person or specialized company to verify certain parameters immediately as: which systems have been penetrated or damaged; check if you can track the IP addresses of the attackers and confirm the type of attack was carried out (malware, virus, worm, Trojan, etc.). After these three points are identified; other users and departments in the company should be notified of the origin of the attack to prevent it from spreading.
Find the backdoors: this is the job of the incident response team; they must identify the means by which the attackers were able to enter your system; likewise, it is a good idea to isolate the infected computer to ensure that the malware will not spread to the rest of the company’s clean devices.
Other things you should also do are:
Take the time to take care of everything: Attacked computers or servers may want some time off. Place the cleanup and restore order to every item for business. You will want to put your most up-to-date clean backup and replace passwords for all systems. Of course, this step requires that you actually have a backup of your vital files; for it is in these situations that we really appreciate those cumbersome backups, aren’t they very useful?
Learn for next time: yes, next time; it is very likely that another attack will happen again; so the least you would want is for it to catch you off guard again. Learn about the attack you suffered, fix the vulnerabilities you got, strengthen your security, download the latest patches for the applications you use; anything that can help you to improve your company’s cybersecurity is welcome.
At this time it would also be advisable to review your company’s security policy with your employees; to avoid other types of less sophisticated attacks and train them on how attackers operate.
Now, these are the things you should NOT do when your company suffers an attack.
Delete the evidence: yes, we already know that we must restore the last backup; but be careful and do not do it until you have not collected the evidence of the attack. In the same way; it is also necessary that you keep in mind the information and details of how the attack occurred in order to be able to have a defense when reporting the incident to the relevant authorities.
Thinking that it will not happen again: as I mentioned before; it is very likely that it will happen again; so thinking that it will not happen again will only increase the probabilities that you will lower your guard; so do your best to know how to further protect your company with the knowledge you gained from your last attack.
Not informing users: we understand that on many occasions, and more than anything with high caliber companies; you do not want to share your situation with the rest of the world and much less with your customers; for fear of the damage that your company’s reputation may suffer; but it is totally necessary to be honest with your customers about your situation; because depending on the attack, it is likely that important data of these have been stolen; so you must be notified so that your customers can take the appropriate actions.
Not having professional partners: this is perhaps the biggest mistake that smaller or medium sized companies can make, because many times the staff is not fully trained to resolve incidents of that calibe; so having an allied company that can provide services for incident response and vulnerability assessment; is the best way you can have both to prevent future attacks, and to respond to these. So Demyo inc offers a series of services oriented towards the protection and response to computer incidents for all types of companies; so if you suspect you are suffering an attack; or simply want to strengthen the security of your company; do not hesitate to contact our team.