Home Features 4 Immediate Measures to Execute After a Cyberattack

4 Immediate Measures to Execute After a Cyberattack

Organizations should have an incident response plan in place to get the compromised networks back and recover from the damage as early as possible.

SHARE
CEO, cybersecurity, CISO, Future of the CISO
Read Aloud

Whether it is a global pandemic or the new normal, cybercriminals always find ways to target organizations and individuals for valuable digital assets. Most organizations fall victim to cyberattacks despite having robust security defenses in place.  From leaking sensitive data, phishing attacks, selling user data on the dark web to threatening victims for ransom, threat actors leverage various attack vectors to pilfer sensitive data or obtain access to business-critical infrastructure.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

Most companies avoid disclosing a data breach or cyberattack incidents citing penalties from law enforcement bodies, loss of customer trust, reputational damage, and financial impact. Organizations should always have an incident response plan in place to get the compromised networks back and recover from the damage as early as possible.

Here are the four immediate steps to follow when dealing with a cyberattack:

1. Contain

The primary step is to immediately contain and isolate the critical systems. Temporarily suspend all the systems after discovering the attack. This will help stop the spread of the attack to all business-critical networks. Look for any strains of ransomware or malware on the affected systems and isolate them from the main network immediately. Also, changing the passwords of all critical accounts will help mitigate the risks. A well-organized approach of isolation and containment will certainly help regain control of the affected systems and eliminate the risks.

2. Report

Reporting the cyberattack to the customers, clients, and especially to the law enforcement authorities immediately after it happens will create a sense of trust and transparency in the organization.

Most enterprises are often judged based on their incident handling capabilities during a ransomware or data breach attack. Organizations could encounter severe negative consequences for any delays or coverups in disclosing the incident. Besides, companies are liable under various data privacy regulations to report any security data breach incident and can attract a huge penalty from regulatory agencies if failed to report.

Last month, the Netherlands Data Protection Authority slammed a fine of €475,000 (around $560,860) on Booking.com for failing to report a data breach that affected the personal data of thousands of users.

3. Investigate and Recover

It is necessary to have an effective disaster recovery plan for organizations to restart the affected business operations smoothly. Report and engage with law enforcement authorities to investigate the incident to find out the cybercriminals responsible for the attack. Organizations can even hire a digital forensic team to inspect the security incident to understand the actual cause of the attack, what data, and how many have been affected.

Last year, Microsoft, along with government CERTs and its partners across 35 countries came together to legally disrupt one of the world’s nefarious botnets called Necurs. The disruption took place after the U.S. District Court for the Eastern District of New York issued an order enabling Microsoft to take control of the Necurs infrastructure.

4. Remediate

Organizations must learn from their mistakes after sustaining a cyberattack. Analyze the attack to know if there are any unpatched vulnerabilities or security loopholes in the organization’s cybersecurity posture. Come up with a set of efficient remedial measures to boost security and deal with the potential cyberattacks in the future.

Towards the end of 2020, when the SolarWinds supply chain attack took the digital world by storm, FireEye released a free tool, dubbed Azure AD Investigator, on GitHub to help alert security administrators to artifacts that may require further review to determine their legitimacy.

Wrap Up

No individual or company is 100% immune to cyberattacks. Organizations must bolster their security standards to defend against evolving cyberthreats. Cybersecurity precautions like encouraging employees to use strong passwords, training them to identify phishing, and other attacks ultimately improve organizational security.

About the Author:

 

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

Read More from the author.