If a business experiences a cyberattack it isn’t prepared for, it can be a very challenging and stressful experience, especially if there are no security experts within the business.
This article is an outline of some of the points to be considered should the unthinkable happen. But first, let’s break down the term cyberattack, as it can sometimes be confused with a data breach, and discuss why it is important to differentiate between the two.
Cyberattack and data breach – what’s the difference?
A cyberattack or cyber security incident refers to an initial attack where systems or records have been threatened by a malicious actor. This may be done to hurt the reputation of a business, damage the system, or steal valuable data. Sometimes a business isn’t even aware that it has been attacked. Or it may be evident that there was an attack, for example, some hard disk space may have been corrupted, but what is visible may only be a decoy for the real damage to be enacted.
During a cyberattack, malicious code can be inserted into a business IT system and lie dormant, waiting for the right time to enact a data breach. A data breach is where the confidentiality of sensitive data is compromised. After a cyberattack, a business will execute a disaster recovery plan to clean up the attack. But sometimes it isn’t easy to clean up all the malicious code, as it may have buried itself too deep into the affected systems.
Controlled remotely by malicious actors, this type of malicious code can gather resources over months in preparation for a data breach. Damage can range from loss of customer information, which can be used to take someone’s identity, to a ransomware attack where sensitive information is held to ransom in exchange for money. Whatever it may be, the consequences can be disastrous and permanently damage business reputation.
Reporting obligations after a cyberattack or data breach
If your business has experienced a cyberattack or data breach, it must inform its insurance company.
Under the Privacy Act 1988, businesses must also notify the Office of the Australian Information Commissioner (OAIC) if there are reasonable grounds to believe that an eligible data breach has occurred. An eligible data breach occurs when there is unauthorised access to or disclosure of personal information that is likely to result in serious harm to an individual and the business is unable to prevent the likely risk of serious harm. The problem is that this sometimes isn’t very clear after a cyberattack.
Businesses must also notify the individuals themselves and they must do all this within thirty days, or they may be found negligent and face hefty fines. The reporting requirements to the OAIC are painful, lengthy and can consume company resources which would be better spent elsewhere. An experienced security professional can help to meet these requirements including summary reports, backup logs, email backups, receipts, and other reporting requirements.
What to do after a cyberattack
When you’ve identified that your business has experienced a cyberattack, there are things you can do immediately to contain the attack. Disconnect the internet as a starting point and disable all remote access. Replace all passwords with strong passwords to stop any further unauthorised access. Maintain firewall settings and immediately install any security updates that are pending.
What to do after a data breach
Similarly, if a business identifies a data breach, it should:
1. Preserve evidence – resist the urge to delete files that you believe may be infected. Keeping records helps to identify how it happened and who may be responsible.
2. Contain the servers – find which servers have been infected and section them off from other servers and devices to stop the virus from spreading.
After containing the cyberattack or security breach
After steps have been taken to contain the attack or breach, it is time to stop any further damage. If your business is the victim of a supply chain attack for example, this attack will have affected multiple businesses. Connecting with those organisations to share knowledge can help to provide clarity. Following trusted sources, for example, government organisations or larger organisations, can help pave a way forward.
Regardless of whether your attack or breach was part of a larger, orchestrated malicious attack or an isolated incident, steps must still be taken to assess IT systems. Vulnerabilities within the system must be sought out to establish a clear path of how malicious actors made their way in, and then the vulnerability must be patched and rectified.
Other key steps in identifying how the attack/breach happened are investigating who had access to the infected server and what network connections were active when the attack/breach occurred. Checking security data logs, as well as the logs of firewalls, email providers and antivirus programs, will also provide more information. If all this is overwhelming and the skills are simply not available within the business, then hiring an experienced cyber security professional can alleviate some of the burden. Risk factors and legal implications must also be considered.
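As an added example (not part of the original article), the Python below shows one way to answer the two questions above from logs: who logged in to the affected server, and which firewall entries involved it, in a window around the time the incident was detected. The log lines, their formats, the host address 10.0.0.5 and the 30-minute margin are constructed assumptions; real log formats will differ.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (assumed formats, documentation IP ranges).
AUTH_LOG = """\
2024-03-11T01:58:12 srv01 sshd[811]: Accepted password for backup from 10.0.0.15 port 50211 ssh2
2024-03-11T02:13:40 srv01 sshd[902]: Failed password for admin from 203.0.113.7 port 41022 ssh2
2024-03-11T02:14:05 srv01 sshd[902]: Accepted password for admin from 203.0.113.7 port 41030 ssh2
2024-03-11T09:30:00 srv01 sshd[1200]: Accepted publickey for deploy from 10.0.0.20 port 51000 ssh2
"""
FIREWALL_LOG = """\
2024-03-11T02:05:00 ALLOW TCP 10.0.0.15:50300 -> 10.0.0.5:445
2024-03-11T02:16:31 ALLOW TCP 10.0.0.5:49822 -> 198.51.100.23:443
2024-03-11T02:17:02 DENY TCP 10.0.0.5:49830 -> 198.51.100.23:8443
2024-03-11T11:00:00 ALLOW TCP 10.0.0.5:50001 -> 10.0.0.9:5432
"""

# Groups: (time, result, user, source_ip) and
# (time, action, proto, src_ip, src_port, dst_ip, dst_port).
AUTH_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Accepted|Failed) \S+ for (\S+) from (\S+)")
FW_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) (\S+):(\d+) -> (\S+):(\d+)")

def matches_in_window(log, pattern, start, end):
    """Yield regex groups for log lines whose timestamp falls inside [start, end]."""
    for line in log.splitlines():
        m = pattern.match(line)
        if m and start <= datetime.fromisoformat(m.group(1)) <= end:
            yield m.groups()

def triage(detected_at, host_ip, margin_minutes=30):
    """Login attempts on the server and firewall entries involving it near detection time."""
    t = datetime.fromisoformat(detected_at)
    start, end = t - timedelta(minutes=margin_minutes), t + timedelta(minutes=margin_minutes)
    logins = list(matches_in_window(AUTH_LOG, AUTH_RE, start, end))
    conns = [c for c in matches_in_window(FIREWALL_LOG, FW_RE, start, end)
             if host_ip in (c[3], c[5])]  # host is source or destination
    return {"logins": logins, "connections": conns}

if __name__ == "__main__":
    report = triage("2024-03-11T02:15:00", "10.0.0.5")
    for kind, rows in report.items():
        for row in rows:
            print(kind, *row)
```

Run it against copies of the logs rather than the originals, so the preserved evidence stays untouched.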
Cyber security planning
In this new pandemic world, cyber threats are on the rise and have become the new normal. There are malicious actors out there working day and night to infiltrate company systems for their own personal gain. It’s important that businesses take this threat seriously and work proactively rather than reactively against this threat.
A thorough cyber security plan and disaster recovery plan must be created by experienced security professionals. Investing in planning will save costs and resources in the future should the unthinkable happen.
Talk to the experts at Lindentech to find out how they can help to protect your business and prevent similar attacks.