How Large Corporations Can Contain a Cyber Attack
Swift, decisive action is the key to containing a cyber attack. Find out how to limit the damage it can cause with this seven-step plan.
With cyber crime rates rapidly rising and companies still underprepared to fight off cyber attacks, it falls to cybersecurity professionals to provide the first and last line of defense.
There were more than 1 million web attacks every day in 2015, with vulnerabilities found in three-quarters of websites. Cyber crime is a clear and present danger, and companies must be prepared to minimize damage with an effective crisis management plan.
For example, when hackers stole the personal records of 233 million eBay users, it could have spelled doom for the company. However, eBay successfully minimized damage from the attack by assuring users that their separately encrypted financial information was safe and encouraging them to change their passwords to prevent further hacks.
Step 1: Plan for the Worst
Once a cyber attack happens, it’s too late to start working out how to deal with it. To keep the fallout from an attack to a minimum, you and your people must be well versed in the roles you’ll each play in managing the crisis.
That’s why it’s important to implement a cyber crime crisis management plan that you can deploy immediately after a cyber attack to secure your network, limit the damage and begin the recovery process.
This plan should continually evolve as new tools and technologies become available, and your people should be kept abreast of these changes.
Step 2: Mobilize the Response Team
The key to minimizing the damage caused by cyber attacks is a swift response.
Your response team should include representatives from all relevant business units such as your operations, communications, and IT departments — all with clearly defined roles and an action plan to follow immediately after an attack.
For example, data protection specialists should be mobilized to contain the attack, cybersecurity technicians should focus on identifying the source of the attack, customer service staff should inform customers when their personal data is threatened and the public relations team should work on a media response.
It’s vital that each team member knows their role and action items well in advance. Running regular drills is an effective way to test and improve your team’s response time and performance before an attack strikes.
Step 3: Identify the Type of Attack
Move quickly to identify the type of cyber attack your company is facing in order to understand the source of the breach, its breadth, and its impact. This will allow you to implement the most effective action plan.
For example, in the case of a social engineering attack where a hacker has obtained access information from an employee, consult the employee to identify exactly what information was shared. Or if the attacker is a disgruntled employee, identify the level of network access they are likely to have and what their motives might be.
Step 4: Secure Your Network
Once you’ve identified the source and type of cyber attack, you can move to secure your network and prevent further data theft or other damage.
That might mean taking the entire system offline, implementing temporary firewalls, isolating part of your network, asking your internet service provider to block traffic to your website or taking other action to block the hacker’s activities.
Step 5: Report and Investigate
Filing a report with local police will establish an official record of the incident, which may be helpful in future legal proceedings.
You can also report online crime to the local office of the United States Secret Service Electronic Crimes Task Force, or the Internet Crime Complaint Center. If the attack involved identity theft, you can report it to the Federal Trade Commission.
With your network secure and the attack contained, you may choose to initiate a formal investigation. Seek to identify how the hacker gained access to your systems, where any security vulnerabilities exist, the extent of data loss or other damage inflicted, whether the identity of the hacker can be traced and what legal options may be open to the company.
You may also choose to bring in external support to conduct a systems audit, especially if you suspect the attack may have originated from within the organization.
Step 6: Manage the Story
If the cyber attack has resulted in a major compromise of your customer data, you’ll need to inform your customers and likely prepare for media attention.
Issuing a media release that sets out the details of the attack and how it has been resolved can be an effective way to get ahead of the story and help to direct the narrative.
It will also demonstrate transparency and stop any accusations of secrecy or an attempted cover-up.
Step 7: Repair Customer Relationships
Your customers will likely be concerned about the cyber attack, even if their personal data is secure. Again, transparency is the key.
Keep your customers in the loop with open communications and share ongoing news about what you’re doing to close network vulnerabilities and boost security to prevent future attacks.
Hackers are constantly evolving their techniques and finding new methods to circumvent security systems.
That’s why it’s so important to continue to build your cyber skills with ongoing advanced education so you’re ready for any cyber attacks.
Make sure you’re battle-ready by finding the right cybersecurity education program for you.