What to do when your small business is pre hack, mid hack and post hack?


The total cost of cybercrime is estimated to reach $6 trillion by 2021. The enormous cost is a result of near-constant cyber-attacks. On average, there is an attempted hack every 39 seconds, and the average cost of a successful cyber-attack is $3.62 million globally. In addition to outright financial loss, share prices drop by 7.27% on average following a data breach. A cyberattack’s impact on your company will depend heavily on how you prepare in advance and how you handle the situation once the attack begins. For every headline you see of a company being hacked, there are two or three companies that experienced a cyberattack but had the controls in place to prevent it from affecting them. This article presents some of the most important measures for preventing a cyberattack or mitigating the damage it causes:

Cyber Resilience (pre-hack)

Security Controls: The first line of defense for a company is its security controls. These include technical controls like firewalls and antivirus software, and also non-technical controls such as employee cybersecurity awareness. For example, up to 50% of cyberattacks use social engineering tactics, so employees must be trained to identify and report social engineering-based attacks.

Network Monitoring: Often, attackers will find a way around your security controls and get a foothold in your network. At this point, it’s important to have network monitoring tools that allow you to detect irregular behavior and identify intruders in your network. Detection can be done using tools like a SIEM (Security Information and Event Management), which collects and analyzes log data from the devices on the network and notifies you when it finds suspicious behavior or patterns. If you are a larger company, you should also use an MDR (Managed Detection and Response), which uses data sources (including SIEMs) to detect and respond to potential threats on the network in real time. According to IBM, these solutions are critical because the average time to detect a breach in 2019 was 206 days, with another 73 days to contain it. By using tools like this, you can significantly reduce this number and respond much faster.
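As an added illustration of the kind of pattern a SIEM rule looks for (this is example code written for this article, not a product's rule or anything from the original page), the script below runs a simple detection over a few constructed SSH authentication log lines: repeated failed logins from one source address inside a short window raise a medium alert, and a successful login from that same address afterwards escalates it to high, since that sequence is what a guessed password looks like in the logs. The log format, the threshold of five failures and the five-minute window are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). The format is
# modelled loosely on an sshd auth log; the hosts, users and addresses are
# documentation/test values.
SAMPLE_LOG = """\
2024-03-01 08:00:01 fileserver sshd: Failed password for admin from 203.0.113.7
2024-03-01 08:00:03 fileserver sshd: Failed password for admin from 203.0.113.7
2024-03-01 08:00:04 fileserver sshd: Failed password for root from 203.0.113.7
2024-03-01 08:00:06 fileserver sshd: Failed password for admin from 203.0.113.7
2024-03-01 08:00:07 fileserver sshd: Failed password for admin from 203.0.113.7
2024-03-01 08:00:09 fileserver sshd: Accepted password for admin from 203.0.113.7
2024-03-01 08:15:00 fileserver sshd: Failed password for alice from 198.51.100.2
2024-03-01 09:30:00 fileserver sshd: Accepted password for alice from 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Turn one log line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "host": m["host"],
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produced at least `threshold`
    failed logins inside a sliding time window. If a successful login from
    that IP follows the failures, the alert's severity is raised to high."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)  # ip -> timestamps of recent failed attempts
    alerts = {}
    for e in events:
        ip = e["ip"]
        if e["result"] == "Failed":
            failures[ip].append(e["ts"])
            # keep only attempts that are still inside the window
            failures[ip] = [t for t in failures[ip] if e["ts"] - t <= window]
            if len(failures[ip]) >= threshold and ip not in alerts:
                alerts[ip] = {
                    "ip": ip,
                    "host": e["host"],
                    "failures": len(failures[ip]),
                    "first_failure": failures[ip][0],
                    "severity": "medium",
                    "success_after": None,
                    "user": None,
                }
        elif ip in alerts and alerts[ip]["success_after"] is None:
            # a login succeeded after a burst of failures: likely guessed password
            alerts[ip]["severity"] = "high"
            alerts[ip]["success_after"] = e["ts"]
            alerts[ip]["user"] = e["user"]
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(f"[{alert['severity'].upper()}] {alert['ip']} -> {alert['host']}: "
              f"{alert['failures']} failures, success as {alert['user']} at {alert['success_after']}")
```

Alice's single typo at 08:15 never reaches the threshold and produces nothing, which is the point of the window and threshold: a rule that fires on every failed login is one that gets ignored.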

Backups: It is essential that your company takes regular backups of your data and tests them to ensure that you can recover the data in an emergency. The biggest issue with a cyber-attack is the loss of information that is vital to business operations, so a reliable backup and restore process limits the damage if you are compromised. It’s essential for defending against ransomware, which encrypts your information and demands a ransom to decrypt that same data. Important files should be backed up at least once per week, preferably every 24 hours.
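The passage stresses testing backups, not just taking them. As an added example (written for this article, not from the original page or any backup product), the script below performs one backup-and-restore cycle the way a scheduled test could: it copies a directory to a backup location, records a SHA-256 manifest of every file, restores into a separate scratch directory, and compares the restored files against the manifest. A missing or altered file (which is what an encrypted-by-ransomware or silently corrupted copy looks like) is reported rather than discovered on the day you need the restore. Paths and file names are constructed for the demonstration.

```python
import hashlib
import json
import shutil
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, backup_dir):
    """Copy every file under src_dir into backup_dir/data and write a
    manifest (relative path -> sha256) next to it. Returns the manifest."""
    src_dir, backup_dir = Path(src_dir), Path(backup_dir)
    (backup_dir / "data").mkdir(parents=True, exist_ok=True)
    manifest = {}
    for path in sorted(p for p in src_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(src_dir)
        dest = backup_dir / "data" / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)  # copy2 keeps timestamps for later triage
        manifest[rel.as_posix()] = sha256_of(path)
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore_backup(backup_dir, restore_dir):
    """Restore into a scratch directory, never straight over live data, so the
    result can be verified before anyone relies on it."""
    shutil.copytree(Path(backup_dir) / "data", restore_dir, dirs_exist_ok=True)


def verify_restore(restore_dir, manifest):
    """Compare a restored tree with the manifest. Returns a list of problems;
    an empty list means every backed-up file came back intact."""
    restore_dir = Path(restore_dir)
    problems = []
    for rel, expected in manifest.items():
        path = restore_dir / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(path) != expected:
            problems.append(f"hash mismatch: {rel}")
    return problems


def restore_test(src_dir, backup_dir, restore_dir):
    """One full cycle: back up, restore to scratch, verify. Returns (ok, problems)."""
    manifest = make_backup(src_dir, backup_dir)
    restore_backup(backup_dir, restore_dir)
    problems = verify_restore(restore_dir, manifest)
    return (not problems, problems)


if __name__ == "__main__":
    import tempfile
    # Constructed demo data; in practice src_dir is the live data directory.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "live")
        src.mkdir()
        (src / "invoices.csv").write_text("id,amount\n1,100\n")
        ok, problems = restore_test(src, Path(tmp, "backup"), Path(tmp, "restore"))
        print("restore OK" if ok else problems)
```

Keeping the manifest with the backup also gives you a second signal after an incident: if the backup copy itself no longer matches its manifest, the attacker reached the backups too, and that copy should not be trusted for recovery.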

Cyber Insurance: Having good cyber insurance is critical for ensuring your business is not wiped out in the event of a data breach. Cyber insurance provides financial assistance for many of the costs associated with a data breach, such as computer data loss and restoration, forensic investigations, reputation protection, extortion, and network security. There are several types of cyber insurance, so be sure to look at your company’s environment and determine what security risks you have. Then you can use cyber insurance to provide some coverage in those areas.

Security Assessments (Vulnerability and Penetration Testing): The best way to ensure that your security controls are working correctly is to have them tested regularly. Security assessments include vulnerability assessments, where professionals examine your current environment for potential vulnerabilities, and full-scale penetration tests, where professionals try to hack into your organization to see how susceptible you are to a cyber-attack. For a medium to large-sized company, have security assessments performed by internal and external parties at least every 6 months. Many times, internal staff are aware of security issues but have difficulty convincing upper management to act; these assessments give them a chance to demonstrate how serious the issue is. External testing is essential so that there is less bias and a fresh set of eyes looking at your systems and their weaknesses. You can do this by hiring professional penetration testers like Cybersecurity Crusaders.

DevSecOps: This refers to securing your applications throughout their entire software development lifecycle, from creation to production to disposal. To plan for the threats your application may be vulnerable to, use threat modeling tools designed to identify, predict and define threats across your application’s attack surface. This helps you build secure products.

Incident Response (Mid Hack)

Identify the scope and contain the infection: The first step once there is a data breach is to identify the type of attack, identify which machines are affected, and then isolate them from the network. Isolation means removing the machine’s internet connection and disconnecting it from the network so that it cannot reach any other machine, which keeps the infection from spreading and prevents the hacker from issuing further commands to the device. However, don’t power off the machine, because forensic evidence may remain in the machine’s memory.

Identify your notification requirements: Whenever a data breach occurs, you have legal and regulatory requirements to notify certain parties, such as affected customers, regulatory authorities, and third-party vendors. It’s important to know what your notification deadlines are so you don’t miss them.

Identify the cause and fix it: Before you consider an incident resolved, you need to identify the root cause and fix that vulnerability to ensure that the hacker can’t reinfect the machine after it is cleaned. For example, if the attacker used a vulnerability in an old version of an application, the fix would be to apply the latest security patches. In some cases it may require computer forensic work to identify how the hack happened.

Bring in a third-party specialist as needed: Even medium to large companies sometimes do not have the specific expertise required. It is better to bring in help sooner rather than later if you are not confident in handling the situation. If you handle it poorly, you can spend a lot of time “fixing” things, only to be hacked again because the job was not thorough. Fortunately, cyber insurance can cover this cost as well.

Recover Operations (Post Hack)

Clean your systems: Now that you have isolated the affected machines and fixed the vulnerability that gave the hacker access, the next step is to clean the affected machines of any malware. Cleaning often means re-imaging. Once cleaned, the machine can be added back to the network.

Offer client services: If customers were negatively affected by the data breach, it’s good to offer them some complimentary services. These services could include credit monitoring services if there was a financial impact or a discount on their next purchase if it was just a mild inconvenience.

Update the media: Now that you have the situation under control, update everyone you notified earlier. If the breach went public, issue a public statement to inform everyone that the situation is under control.

Final Thoughts

The most crucial part of handling a cyberattack happens during the preparation stage. If you have the proper controls in place, you will prevent many data breaches, be able to react quickly if they do happen, and recover from them relatively quickly. Most of the time, companies suffer huge losses from cyber-attacks because they are not prepared for them, and they spend a lot of time and money as a result. As with most things, your results will be determined by your preparation.