Cybersecurity best practices – what should companies do in the event of a cyberattack?

“We saw an increase in cyberattacks at the end of the year,” Omer Dembinsky, the company’s research manager, said in a press release last December. “I expect these numbers to increase in 2022, because hackers will continue to innovate and find new ways to carry out cyberattacks, especially ransomware. We are in a cyber crisis if you will.”

In terms of industry, the education and research sector had the most weekly attacks in 2021 at 1,605 per institution, a 75% increase from last year. This was followed by the military and government agencies, which experienced 1,136 events every week for a rise of 47%, and the telecommunications industry, which reported 1,079 attacks per organization every week, a rise of 51%.

Although North American businesses registered fewer attacks per week at 502, this number represents an increase of 61% year-on-year, the second highest increase among all regions, following only Europe.

Given the current threat landscape, it is only a matter of time before an organization faces a major cyberattack. The situation highlights the need for every business to understand what to do in the event of a crisis as their survival often depends on the effectiveness of their cyber response systems.

Below is a guide on how businesses can respond to a cyberattack

To learn the best ways to respond to a cyberattack, Insurance Business checked the websites of several industry experts for tips and tricks. Here are the steps companies should take if they fall victim to a scam, according to experts.

1. Create a data forensics team

The first thing businesses should do when they become aware of a cyberattack, to proactively protect their IT infrastructure, is to assemble a cybersecurity response team to determine where the incident occurred and what caused it. This means assembling their own cyber security team, or hiring third parties if they don’t have one, and instructing them to get started while the evidence is still fresh.

“This should be a team of trained security experts to protect your business from such threats,” says New York-based software company Wickr. “It is important that every member of the team is well trained in their situation and knows what to do in the event of an attack.”

According to global information provider ITSEC, the incident response team may include legal experts, information security experts, and the company’s senior management and legal team.

“Working together, this team will provide your first solution to problems,” the company said.

2. Identify the type of attack

Determining the type of attack helps the cybersecurity response team to implement appropriate measures, according to experts.

“Once you know what type of condition is occurring, you can know where to look and how to prevent and recover,” Wickr wrote on its website. You need to know not only the nature of the attack, but also the source, the extent of the attack, and the likely outcome.

EY’s senior global analyst noted how “business network intelligence is critical” at the moment as the response team “isolates the incident and puts it into the affected systems and data.”

“Depending on the severity, complexity, and urgency of the incident, the appropriate escalation measures are implemented based on previously established information,” the company explained. “These types of recommendations need to be continuously developed to keep the organization’s risk areas at bay so that there are no major risks, and smaller risks do not take away valuable resources.”

3. Contain the risk

Once the type of attack has been identified and verified, the next step is to prevent the threat from causing further damage.

“Many automated attacks are designed to give attackers a backdoor to your system, so that data can continue to be deleted over time,” Wickr warned. “It’s important to identify and close all the ways attackers may have access to your system. The same is true, obviously, if your company is the most affected.”

4. Inspect and repair damage

After a cyberattack, businesses must assess the damage and take steps to strengthen their systems.

“An organization that has been compromised must identify and address the challenges in the environment, harden the environment to disrupt the attacker’s intended return, improve its detection capabilities, and act on future attacks, and plan for remedial actions,” EY advised.

The California-based company Delinea added that in order to return the system to “before it happened,” businesses need to take action.

“Collect as much evidence as possible and maintain a sustainable supply chain,” the company said. “Collect logs, memory dumps, counters, network traffic, and disk images. Without proper evidence collection, digital forensics is limited so that subsequent investigations cannot be performed. Eliminate security vulnerabilities to ensure that an attacker cannot gain access. This includes patches, shutting down networks, and resetting passwords for compromised accounts.

“During the resolution process, make an identification to help determine the attack method used so that the controls can be increased to prevent similar attacks in the future. Carry out audits to see if there are any other problems.”
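
The evidence-collection advice above, as an added example that is not from the article or from Delinea: a Python script that records a SHA-256 manifest of collected files and later reports anything missing, unlisted or modified. The file names, `collector` and `case_id` values are constructed placeholders.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large disk images and memory dumps fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def list_files(root):
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def build_manifest(evidence_dir, collector, case_id):
    """Record who collected what, when, and each file's size and digest."""
    files = list_files(evidence_dir)
    return {
        "case_id": case_id,
        "collector": collector,
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "items": {rel: {"size": p.stat().st_size, "sha256": sha256_file(p)}
                  for rel, p in sorted(files.items())},
    }

def verify_manifest(evidence_dir, manifest):
    """Return (problem, path) pairs; an empty list means nothing changed."""
    files, items = list_files(evidence_dir), manifest["items"]
    problems = [("missing", rel) for rel in sorted(items.keys() - files.keys())]
    problems += [("unlisted", rel) for rel in sorted(files.keys() - items.keys())]
    problems += [("modified", rel) for rel in sorted(items.keys() & files.keys())
                 if sha256_file(files[rel]) != items[rel]["sha256"]]
    return problems

def demo():
    """Constructed sample evidence: verify once untouched, once after changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "logs").mkdir()
        (root / "logs" / "auth.log").write_text("constructed sample log line\n")
        (root / "memory.dmp").write_bytes(b"\x00" * 4096)
        manifest = build_manifest(root, "analyst-1", "CASE-PLACEHOLDER")
        untouched = verify_manifest(root, manifest)
        (root / "logs" / "auth.log").write_text("edited after collection\n")
        (root / "memory.dmp").unlink()
        (root / "notes.txt").write_text("added later\n")
        return untouched, verify_manifest(root, manifest)
```

Store the manifest outside the evidence directory, ideally on write-once media, so that a change to the evidence cannot also rewrite its recorded digests.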

5. Inform the authorities

Experts also highlighted the need to inform the relevant authorities as soon as possible.

“Report the incident to your local police if authorized by your judge,” ITSEC said. “The sooner they know, the more they can do to help.”

“Immediately contact the FBI and state and local authorities,” Wickr added. “You’ll also want to report this scam to the Secret Service’s Electronic Crimes Task Force, as well as the Internet Crime Complaint Center and the Federal Trade Commission. If your company has cyber insurance, talk to your insurance agent for advice and assistance.”

6. Communicate with affected people

Cyberattacks can cause serious reputational damage. For this reason, experts advise businesses to work with public relations professionals to determine how to best manage the event.

“Your customers will need to be notified, especially if the attack affected customer information,” Wickr said. “It is also important to issue a press release on this issue. You need to be clear about the scheme so that people can trust you.”

“If any other businesses are affected, let them know,” added ITSEC. This includes your bank, financial partners, and financial institutions that may monitor your accounts in the event of a fraudulent breach.

“Choose a contact person on your team to release information if necessary. That person should have the most up-to-date information on the breach, who is affected, and what you are currently doing.”

7. Learn from what happened to you

Surviving a cyberattack should be a learning experience for businesses and help them better plan for what will happen in the future.

“It is also important for the organization to transform the issue of crisis management into cyber risk management training,” EY said. “The cyber response team should brief information management strategies based on the results of this investigation.”

“[Assess] what went well and what didn’t go well,” advised Delinea. “Plan how to improve in the future. Write an incident response report and include all business units affected by the incident.”

The company added that businesses should also assess whether managers were satisfied with their responses and assess whether they need to invest more in staffing, training, or technology to improve their security.