What to Do When Your Company is Hacked

As organizations navigate the new normal of hybrid work, it leaves room for hacking and breaching incidents. While breaches in large enterprises are what normally get recognized, the reality is small and medium-sized organizations are faced with the most incidents. The costs associated with cybersecurity hacks are projected to increase to $10.5 trillion by 2025; indicating a 15% growth year over year. The list of hacked organizations grows daily. It is essential that your organization be prepared to take the next steps should your system(s) become compromised. A few Indicators of Compromise (IoC) you should look out for:

• Suspicious email requests or notifications
• Uncommon outbound network traffic
• Reduced network speed
• Large amount of connection attempts to your network
• Anomalies in privileged user account activity
• Substantial numbers of request for the same file
• Geographical irregularities
• Database extractions
• Unexpected patching of systems

What to do during and after a cyber attack

Circumstances vary depending on the type and size of a hack and breach. In the wake of an attack, here are the steps you can follow (post-incident identification):

1. Verify the attack with an incident response plan and your incident response team

During an attack, an incident response team will be your first responders when dealing with your organization’s breach. If you do not have an incident response team, now is the time to create one. An incident response team will help your organization respond to IT and security communication challenges relating to the attack. This incident response team will be able to help detect which systems have been breached, identify which IP addresses have been used in attack and confirm the type of attack.

2. Act Quickly

During the attack, respond quickly by containing and isolating critical systems. Locate hacked data online to see if it was uploaded on other sites; if you find it, please contact the site instantly to request its removal. Your incident response team should perform a security audit to determine which files or systems are missing or damaged. While isolating these systems, your incident response team should inform users of the network immediately to help stop the spread. Responding quickly is crucial to prevent any further attacks.

3. Isolate the offender

While an attack is underway, quarantine and investigate affected computers and servers by having your incident response team block the affected networks, detect, and examine the damage, and inspect for any backdoors which may give hackers potential access to your system in the future. Make sure to be mindful with this step because you have to weigh the business impact associated with taking this action.

4. System restoration

Post attack, make sure to restore files by installing the most recent pre-attack backup files and prioritizing the servers and networks that are critical to the business. While this restoration is occurring, company-wide passwords must also be changed. Use this opportunity to verify that there are not any systems still using default passwords or something obvious.

5. Disclose the Breach to Necessary Groups

Report the hack to your local police department as soon as possible. Depending on which type of attack was used or the information involved, you may need to contact additional law enforcement organizations. It is essential to notify customers and business stakeholders to create a level of transparency and trust that normally reflects well on the organization overall. Although there are risks to sharing that your organization has been breached, transparency about a breach can help raise awareness and prevent other organizations from experiencing the same attacks.

6. Plan against the next attack by taking preventative measures

It is crucial to solve the issue(s) that allowed the breach to occur. Questions you can ask about this incident to prevent it happening again include why was your organization a target? What were your security strengths and weaknesses prior to the incident? What modifications can you make to prevent another attack? Did you have an appropriate incident response plan in place? What people do you need on your internal and external team to improve protection? Then, measures should be taken to avoid a breach happening again, like conducting security audits more frequently and training all employees on safe security practices.

Cybersecurity Consulting at PSM

At PSM, we can help you strengthen your security with our cybersecurity consulting services. With these services, we will assess your current situation with your cybersecurity to identify ways to strengthen your security and address vulnerabilities. Our professionals will suggest effective solutions for you to implement to ensure that your system is secured. Our IT security consulting services are ideal for businesses and institutions that want to ensure that they are taking the right actions to secure their network. Our cybersecurity consultants are experts when it comes to protecting your IT system. Our professionals at PSM can provide cybersecurity assessment services in which we will evaluate your current security situation. Our network security assessments will evaluate the effectiveness of your security solutions and help identify any weaknesses that could leave your IT system vulnerable. After our cybersecurity audit, we will inform you of any vulnerabilities we find and offer suggestions for solutions that will help strengthen the security of your system.