What to do in the event of a Cyber Attack?
As seen on
Reducing the risk of your business being exposed to cyber threats is vital nowadays. The impacts of a successful cyber attack can be extremely damaging to your business, and the fallout may include compensation to impacted customers, an inability to operate while the attack is ongoing and the negative impact on your reputation to both current and future customers.
We’ve already covered 10 easy steps you can take to avoid cyber attacks altogether, but even the most diligent business can still be the victim of an especially smart attack. When it does happen, it’s important to identify the stage of the attack you're at and have a clear strategy in place for mitigating as many of the risks as possible.
As always, you’ll want to make sure you hold an appropriate cyber liability insurance. If something does go wrong, it’ll help your business cover many of those expensive costs that can be associated with cyber attacks.
Here are some of the things you can do to reduce the risk of a cyber-attack, and how to react when one does occur.
Reduce Your Cyber Exposure Using Security Essentials
The good news is there are a number of extremely simple steps you can take to reduce the chances of something ever going wrong. While some of them can seem simple (and even a little arbitrary) the combination of them all can make an attackers life significantly more difficult, lowering the chances that you ever have to deal with one inside your networks.
- Firewalls and Gateways: Web proxies/VPN’s and content filtering can both reduce the chances of attackers getting into your computers directly. Disallowing access to websites with questionable security ratings can also reduce the chances of your staff accidentally clicking on a link that opens them up to cyber-attack.
- Password Policy: Asking staff to update their passwords regularly can feel unnecessary at times, but enforcing a strong password policy (and forcing regular password updates through their devices) can avoid hackers being able to log into your network directly.
- User Controls: It goes without saying, but make sure staff are only permitted to do as much on the network as they need to do their job. The fewer employees with full privileges, the better.
- Device Configuration: Restricting device functionality allows you to decide exactly what employees can and can’t install or use on their laptop or mobile phone—ultimately reducing the opportunities for them to install malware.
- Execution Control: Denying ‘auto-install’ from USB/CD drives, and requiring network administrator permission, can help protect your business from employees bringing in malware from external sources.
- Patch Installation: It can feel easy to delay patches endlessly, but they contain key security updates to deal with the latest cyber threats. Make sure all employees install them at the earliest possible moment, perhaps by installing them automatically overnight.
Additional Steps
If you feel your business is especially likely to be targeted, or you’re a part of a larger organisation, there a few additional methods you can utilize to avoid cyber threats altogether.
- User Training: Explaining to your staff their role in reporting activity and keeping data safe can be a hugely effective way to help them avoid slip-ups
- Security Monitoring/Reporting: Identifying unexpected activity, and empowering your staff to report anything suspicious, will reduce the time a cyber attacker has to find their way into your network (or do any damage once they're there).
Attack Stages
Different prevention methods apply at different stages of a cyber attack, so it’s important to identify which stage you’re at and to be aware of what you can do, either to prevent attacks in the future or react to ones that are ongoing. It's always better to be implementing precautions than reacting to an ongoing attack, so even if you don't feel like you're currently at risk consider what would happen if you suddenly were.
Survey Stage
The earliest stage at which you can be exposed to a cyber threat, the survey stage involves attackers taking any information which is available freely online. Without proper moderation and management, this might include network details, employee contact information and private customer/business data.
Ensuring that all data published online has been filtered and edited to ensure nothing of value to cyber attackers is released is the first stage, and something that all businesses should be doing already. However, not all information about the business is published intentionally, so it’s important that all staff know what they can and can’t post online.
Training and educating your staff means making them aware of the impact that social media posts, emails and other communications can have on your business. The Centre for the Protection of National Infrastructure has an excellent beginners guide to securing your online presence as an employee that goes through all of the ways that attackers can take seemingly meaningless data and use it for malicious intentions.
Device-wise, ensure all computers, phones, laptops etc. are securely configured to avoid the chances of any of them being used as a gateway for a hacker. Consider the implications of a device being stolen, and how best to mitigate the chance of that device being used maliciously. Controlling network access remotely, managing your network userbase and restricting access to confidential data can all help reduce the value of a stolen device to a potential cyber attacker.
Delivery Stage
If your business has been identified as a potential target for a cyber-attack, there’s a good chance you’re not even aware of it. Hackers will have researched your business using publicly available assets (some of which you may not have control of, like Companies House) before deciding you’re an appropriate target.
You can completely avoid many threats at this stage by having implemented excellent cyber strategy and etiquette at all levels of your business. Simple measures like authentification/password policy will reduce the chances of hackers guessing ‘obvious’ passwords and finding an easy way in. Similarly, if staff are forced to update their passwords regularly, hackers won’t be able to use any information they’ve gathered in the past as easily, as it’ll quickly have become out of date.
Malware Protection can help protect your business too, restricting what staff can access online and what they’re able to download and bring into the network. Firewalls are another effective way to reject unnecessary/unsecure services and alert network management when staff click onto a website that might have opened them up to a cyber risk.
Finally, again, secure configuration will help to limit the amount of damage a hacker can do through one device or loophole. Keeping device/employee access to the minimum required for standard business operation reduces the chances of something going wrong if a device/user is compromised.
Breach Stage
Even if you’ve been as cautious as possible, smart hackers may find a way into your network. At this stage, your goal is to reduce the amount of damage they can do to an absolute minimum. Their intentions may not be clear (and they may not have even targeted you specifically), so it’s important to cover off all eventualities.
Firstly, much of the success of your cybersecurity processes depends on your ability to monitor the entirety of the network to identify potentially malicious activity. Make sure your system administrators have automatic notifications in place for anything that does look out of the norm (and if they don't yet, make sure they make it a priority to do so) and you’ll be able to identify a breach quickly.
Again, restricting user privileges and maintaining secure device configurations will play a key part in protecting your business. You’ll avoid hackers having access to the entirety of your network, and at lower levels, they may not even get access to any valuable information at all. At the breach stage, this is extremely important—having them 'in' the network but unable to achieve anything can even be considered somewhat of a success for your cybersecurity strategy.
Operating strong malware protection, such as an internet/network gateway, can help restrict unwanted inbound or outbound connection requests. Your internet gateway can also deny access to any unsecure services that a hacker (or an unsuspecting employee) might attempt to use.
Making sure devices are patched and up-to-date can also limit the amount of time your business spends being exposed to known vulnerabilities and risks. Many cyber-attacks are not made using the most up-to-date software/malware, so if you’re fully patched there’s a good chance your device will take care of the attack for you.
Affect Stage
If your business consistently manages the measures discussed above, a vast majority of attacks will be beaten before they’re able to gain anything of value from inside your network (if they even get there at all). Especially smart hackers, who utilize bespoke attacks designed specifically for your business, may still be able to get in. If this does happen, monitoring your network and being aware of what ‘normal’ looks like can help you keep track of what they’re doing and to cut them off before they take their next step.
If you have identified that somebody unwanted is in your network, it’s time to begin working through your defense in depth strategy to protect your systems.
And while it can be difficult to admit defeat, there are a number of businesses that will help to fight off cyber attacks for you (and implement world-class cyber security post-attack) that might be worth considering if you've exhausted all other avenues.
Finally, you may have incurred considerable costs as a result of the cyber attack. These could impact you directly (restoring old systems, recovering data, business interruption, etc.) or your customers (privacy protection, data liability, etc.). It's important to have a proper cyber liability insurance policy to help cover these costs and get your business back to work as quickly as possible.
Who does Cyber Attacks?
Trying to identify who is attacking you can be difficult, especially if they’re a smart hacker who has their own defences set up for any countermeasures by yourselves or other business. Many hackers do not select specific targets, instead utilising a ‘spray and pray’ method to target as many organisations as possible, knowing that the chances of success are small and so instead hoping sheer volume will yield the result they seek.
Otherwise, the National Cyber Security Centre has a list of a few types of cyber criminal who may have a vested interest in your data, including:
- Cyber criminals who want to make money from your data
- Competitors who want to gain an advantage
- Employees who may (unintentionally or intentionally) misuse a device/network
- Foreign intelligence services who want to gain an economic advantage
- Hackers who get a buzz from interfering with complex computer systems
- "Hacktivists" who might attack for political/ideological reasons
What to do if you’re the victim of a Cyber Attack
Before anything happens, it’s important to make sure you have a strong cyber incident response process in place (the NCSC has an excellent guide on how to go about setting this up).
Once you’ve been through the phases of your response plan, begin cleaning up the affected networks and systems (whether manually or by reverting to a backed-up version) and your business should be ready to resume somewhat normal operation.
Finally, you can report your case to the National Fraud & Cyber Crime Reporting Centre. There’s no guarantee they’ll be able to find the criminal, but your case could help them prevent other similar attacks in the future, and they may be able to support your business while an attack is ongoing or during the immediate aftermath.