Cyber Security weighs heavily on the minds of most IT folk. The FBI regularly monitor and report on hacking and general malware issues, and are well-known for their statements about the subject. Concerning Cyber Security, they say the only safe site is one that has not been hacked yet.
Even if you have been diligent in setting up your defences, keeping your malware information databases up to date, and educating your users, at some point you will be hit. It is essential to consider it a learning experience, even when you are up to your ears in the muck and bullets of fixing the problem.
Doing that will help you prepare your defences to deal with it better when it happens again, and it will.
There are several essential things you will learn after a hacking attack. These include:
No-one is immune
Don’t take it personally. Hacking and malware are an industry, and many people make lots of money out of it. It was your turn, just like the burglar choosing your house rather than the one next door. That is an important point. It means that your defences were easier to crack than those of the guy next door. You need to look at them.
You need to move quickly
Once you know you have been hacked or are under attack, don’t hang around. For example, if you are suffering a DDoS Attack, the quicker you can put up the defences, the quicker you can stop it.
It also reduces damage to your organization. If the attack affects customers, they need to know, so they can take any remedial measures they need to. Reputational damage can seriously hurt your business.
Use the attack as a training exercise for your staff on the need for immediate action when a malware attack is detected.
How well your recovery procedures work
It is essential to hold a PRR (“Post Recovery Review”). Look at how quickly you came back online and how well your procedures worked in practice, and assess how you compared with similar attacks elsewhere.
It’s not just the IT aspects that need review. Recovering from a hack attack involves many departments and functions in the organization. Are the appropriate resources available? Did internal communications operate correctly? Is user training needed?
One point not to miss is to review your DRP procedures. Are they sufficient? Are they in the correct order? Do they cover all eventualities? Basically, did they work, and how can they work better? It wouldn’t be the first time the backup media cabinet keys were missing.
What was the impact on users and customers
The effect of systems unavailability or data loss is possibly the most important lesson. There will be reputational damage to the company. It is vital to see how to reduce it. Your key customers will be able to give some pointers.
Try to quantify the effects of the attack on your business. Was any confidential customer information lost, and if so, what remedial measures do you need to take? It will be useful to put a number to the business losses, so you can justify the cost of new and upgraded defences if you go to the C-Suite for additional hardware and software.
Don’t Wait to Call for Help
In some cases, you cannot fix it yourself even if you think you can. Expert advice and support can resolve issues more quickly and, if correctly set up, can be a learning experience for your staff.
If we take DDoS as an example, you can attempt to mitigate its effects yourself, but sometimes calling for help brings a much quicker solution.
Include partners in your recovery plans.
The first stop is your ISP. If you use a hosted data centre, they will definitely want to become involved in a malware attack.
You should also have standby arrangements with a Malware Mitigation Specialist. They are highly experienced in malware attacks, especially DDoS, and have enormous bandwidth.
In summary, while a malware or hack attack can be a severe issue while it runs its course, it can be a learning experience, allowing you to test and fine-tune DRP and anti-malware procedures.