It is often months before an organisation realises that a cybersecurity breach has occurred. Once you figure it out, you may be unsure what to do next. Our research uncovered the steps taken by organisations to recover from a cyber-attack.
Steps to recover from a cyber-attack
Some of the fundamental steps taken to recover from a cyber-attack are listed below.
Determine what was lost
The first step you should take after a cyber-attack is the most important, and also by far the most overlooked. If you are the subject of a cyber-attack, you need to determine exactly what information was stolen, because the information stolen directly determines what your next step is.
Start by drawing a spider chart after the cyber-attack. To do this, start with whatever was stolen and then map out the connections and steps that follow from that information. If email addresses were stolen, your flow chart of next steps is going to look extraordinarily different from the one you would draw if social security numbers were stolen.
Replace the old with the new
Consider replacing every existing security technology with new technology and adding tools that improve your cyber-attack notification capabilities. You will also want to balance preventive tools with detective capabilities rather than relying on one or the other.
Stop everything to find the virus
Yes, that’s right: “stop everything until the virus is found and neutralised”. One company that experienced an email-based cyber-attack went as far as:
- Shutting down all internet access to prevent the virus from spreading to other system-critical solutions
- Updating their anti-virus and malware software protection
- Scanning all computers to remove the virus
The company then organised phishing training, with mock scams sent to people to teach them not to open unauthorised messages.
Invest in proper software
Preparing for an attack starts with assuming an employee will introduce malware into the network and taking steps to prevent its spread when that happens. This is why organisations need security technologies that prevent ransomware and spyware from spreading once the inevitable happens.
Ensure you have backups
An attack is often launched from within an email, and the scrambling of files can be catastrophic. This scenario has played out in many corporations around the world, but the recovery process need not be hectic. If a data backup plan is in place, it is possible to recover all the corrupted data from the previous night’s backup.
It is often months before an organisation realises that a cybersecurity breach has occurred. What you do after the breach is identified will determine the ultimate cost of the breach and your survivability as a going concern.
If you would like to discuss this in more detail with us, contact Ryan Danvers on 072 601 2858.