Unfortunately, successful cyberattacks are growing far too common.
A 2018 study found that nearly 70% of SMBs have experienced a cyberattack in the past year,
yet an astounding 47% of respondents said they "have no understanding" of how to protect
themselves in the event of an attack.
Due to the relative complexity of today's digital infrastructure, most companies are moving
towards Managed Security Services for digital protection and proactive security. In fact,
Silent Breach estimates that partnering with a reputable cybersecurity firm is the single
most effective step you can take to mitigate digital security risks and minimize
security-related costs in the long run. Remember, protection is always cheaper and more
effective before an attack takes place.
However, if you believe that you've been the victim of an attack, here are five critical
steps you can take after the fact to immediately reduce your risk:
1. Consult your Business Continuity Plan (BCP)
The actions taken in the first few hours following a breach will continue have large
ramifications throughout the remainder of the recovery, for better or for worse. It is
therefore critical to consult with your prepared BCP before doing anything else. Most
likely, your situation (or one sufficiently similar) has been forecasted and a series of
processes and procedures have been developed to guide you along the way.
While the average data breach costs close to $4 million, Ponemon's latest Cost of a Data
Breach Study estimates that having a Business Continuity Plan will save you $365,000 on
average. On a per-file basis, the savings comes down to about $15 per compromised file.
Although Business Continuity Plans should be specially tailored (in consultation with your
cybersecurity partner) to your organizations needs and abilities, most effective BCPs will
include the following 3 sections:
Disaster Recovery: This will focus on recovering any IT resources and infrastructure that may
have been compromised. Unlike natural disasters, cyberattacks are not constrained by
geography, offering the attackers a distributed attack surface. DR for cyber breaches should
prepare for targeted simultaneous outages.
Business Impact Analysis: Not all breaches are created equal. A good BIA will account for
interdependencies to ensure that resources are being deployed effectively and efficiently.
Cyber Incident Response Plan: This will include a forensics unit composed of IT personnel
(dedicated to tracking down and patching the breach), a regulatory unit of legal analysts
(to identify and remediate compliance gaps), and a public relations team (to communicate
with customers, the media and shareholders).
If you do not yet have a Business Continuity Plan, use this Emergency Contact Form for
access to Silent Breach's Provisional Crisis Guideline for rapid triage and proceed
immediately to Step 2.
If you would like help developing your Business Continuity Plan, come and talk to us. Don't
wait until you've been breached.
2. Disconnect the infected device(s) from the network
Cyberattacks often operate via the snowball effect, where each breach will trigger an
additional, larger attack which will in turn do the same. It is crucial, therefore, that
all infected devices be disconnected from your network as soon as possible. This will not
only prevent the spread of the attack, but may also assist forensics experts in tracking
down the cause of the attack.
3. Contact your security partner
The importance of this step cannot be overstated. If you haven't done so yet, contact your
security partner and share everything you know about the breach as well as the affected
systems and devices. Most likely, the security firm will have a 24/7 Security Operations
Center which will work with you in real-time to mitigate the breach.
If you do not have a security partner or are unable to reach them, note down everything you
know (while the details are fresh) and immediately contact a security service provider for
further directions. At Silent Breach, our security and forensics experts specialize in
Incident Detection & Response and are available around the clock to assist you.
Tip: Read our post on How To Choose a Cybersecurity Firm
4. Don't delete anything
Deleting what you believe to be infected files will only make it harder for the forensics
team to trace the attack and, in some cases, can even trigger a follow-up attack. In order
to ensure that the attack can be fully discovered, contained and eradicated, it is vital to
preserve the 'scene of the crime'.
5. Spread the word
Hackers can take advantage of your identity by pivoting to attacks against business
colleagues or personal contacts. Posing as yourself, they will use social-hacking techniques
to convince close contacts to divulge sensitive personal information. Furthermore, under GDPR, stakeholders must be notified within 72 hours of a breach.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.
To prevent this, immediately contact family members, friends and business associates to inform them that
your account has been compromised. You can use social media or an email blast to quickly
spread the word.
For further assistance or to talk with a security professional, you can contact Silent Breach from anywhere in the world, at any time of the day.