Posted on May 2, 2022 by Ken Morford
When you are hacked, you must move fast. Here is what to do first and how to reduce risk.
There is no such thing as a “little” hack. It might be something that keeps you up at night and, as more organizations complete their digital transformations, you will have plenty of company. Ideally, you have a robust plan that includes disaster recovery, backups, and business continuity planning. But sometimes, there is a big gap between “ideal” and “reality.”
I recently presented a webinar with Adam Gordon from ACI Learning. We went through how to deal with a hack when it happens and how to prepare for—and maybe even avoid—an incident in the future.
Assess Security and Business Risks
Once you recognize that your organization has been hacked, you might be tempted to either overreact or underreact. You will need to take a little time to assess the situation before taking specific action. Be honest from the beginning about what has happened and how bad it may be so that you understand the actual issues.
Involve your executive team and the extended incident response team members from business units to understand the impact from many angles. Do not go it alone.
In addition, you will want to assign an “incident reporter.” This person should document everything that happens, starting from the moment you recognize you’ve been hacked. You want to capture details, so you are not trying to recollect everything during a stressful time.
During this assessment phase, do not be afraid to admit that there are things you do not know. Acknowledge the blind spots in the system that led you here, but do not waste time assigning blame.
Take Action and Maintain Compliance
One of the toughest aspects of coping with a cyberattack is admitting it happened and asking for help to resolve it. Ask for support, no matter how painful or embarrassing it may be.
If you do not have the expertise to manage and fix the issue(s) internally, identify an external incident response company with a good track record. Do not make a bad situation worse.
Two critical elements of this step are to evaluate the state of operations and to connect with authorities that govern your industry, as appropriate.
Continuity of Operations
The attack could be so significant that continuity of operations is impossible until certain activities have been executed successfully. Make sure you communicate with the necessary parties and provide enough information to the people affected so they know what to expect. Focus on implementing fixes right the first time instead of rushing and possibly making mistakes. This will help you begin to free up resources to restart operations.
Consult law enforcement, such as the FBI, who can help guide you through the aftermath and provide resources. These agencies respect your decisions as the victim in the situation. In addition, if your industry requires it, bring in appropriate officials as soon as possible. Do not just wait for them to show up.
Fusion Connect’s Santi Cuellar offers more specific technical strategies and tips for mitigating and managing a data breach.
Review the Security Incident and Plan for the Future
Hopefully, your company already has excellent processes and procedures in place to respond to threats and clear instructions for how to react to a security event. If you do not have strong policies, you can start by reviewing the most recent incident. Then build a reasonable plan based on lessons learned.
Disaster Recovery and Business Continuity Planning
Incidents often uncover a lack of in-depth planning on many levels. You need a reasonable business continuity plan (BCP), disaster recovery strategies, and backup protocols.
What can you do to avoid incidents or recover when you experience another event?
- Gain complete visibility of your organization. Most companies do not manage all IT in-house. Understand and document your entire infrastructure, including information about vendors, solution providers and consultants who access your systems. Be sure to request and review audits supplied by your vendors and understand the impact on your company’s security.
- Get an independent assessment of your security program. Incorporate the remediation plan into your strategic plan, and make sure you vet cybersecurity response vendors who can help you when you are in trouble.
- Stay informed. Monitor news sources that cover hacks and breaches, especially for companies of your size and industry. Network with professionals in your space to share information and tactics for dealing with these issues.
Security in 2022 and Beyond
Worldwide, organizations experienced a 105% increase in ransomware attacks last year, according to the 2022 Cyber Threat Report, including attacks against governments and healthcare organizations. In fact, the overall number of cyberattacks per week on corporate networks increased by 50% in 2021. Recent global conflicts and continuing pandemic-response influences suggest that 2022 will continue this trend.
Organizations that have worked to move to cloud, hybrid and edge platforms will focus on better securing data. Those who do not have resources and teams in place can find help with security offerings like Fusion Connect’s Advanced Edge Security and Endpoint Detection & Response. These offerings, combined with the advances we have discussed here, can help you develop a solid security strategy that will help manage risk and recover from incidents during this challenging time.