{"id":44946,"date":"2020-10-05T18:46:33","date_gmt":"2020-10-05T14:46:33","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=44946"},"modified":"2025-11-21T13:13:00","modified_gmt":"2025-11-21T09:13:00","slug":"how-to-respond-to-cyberattacks","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/how-to-respond-to-cyberattacks\/","title":{"rendered":"Best Ways to Respond to Cyberattacks on Your Business"},"content":{"rendered":"<p>If you run a small business (or even a large one), you probably spend a significant amount of time thinking about how to protect yourself from cyberattacks.<\/p>\n<p>This is, of course, time well spent. You definitely need to understand <a href=\"https:\/\/www.msp360.com\/resources\/blog\/ransomware-attack-scenarios-and-how-to-be-protected\/\">ransomware attack scenarios<\/a>, how <a href=\"https:\/\/www.msp360.com\/resources\/blog\/types-of-phishing\/\">phishing attacks work<\/a>, and <a href=\"https:\/\/www.msp360.com\/resources\/blog\/social-engineering-prevention\/\">how to prevent social engineering attacks<\/a>.<!--more--><\/p>\n<p>But let me share a secret with you: in many cases, how you respond to an attack after it has happened is just as important as \u2013 and perhaps more important than \u2013 the cyberdefenses you have in place. Even the most advanced cybersecurity systems do not offer 100% protection, and the fact is that you are going to get hacked at some point.<\/p>\n<p>In this article, we'll look at the key steps you need to take following a cyberattack.<\/p>\n<h2>Developing an IR Plan<\/h2>\n<p>The first point to make is that all of the steps below should already appear in your incident response (IR) plan. 
I understand, of course, that if you are reading this because you\u2019ve just been hacked and don\u2019t know what to do, pointing out that you should already have a plan will not be very useful.<\/p>\n<p>Nevertheless, it\u2019s crucial that all businesses develop a detailed IR plan for responding to cyberattacks, and there are plenty of resources out there that can help you do so. The NIST <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/specialpublications\/nist.sp.800-61r2.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Computer Security Incident Handling Guide<\/a> (SP 800-61), the gold standard for guidance in this regard, specifies four areas that should be addressed in this plan:<\/p>\n<ul>\n<li>Preparation \u2013 Planning in advance how to handle and prevent security incidents<\/li>\n<li>Detection and analysis \u2013 Encompasses everything from monitoring potential attack vectors to looking for signs of an incident, to prioritization<\/li>\n<li>Containment, eradication, and recovery \u2013 Developing a containment strategy, identifying the hosts and systems under attack, mitigating the effects, and having a plan for recovery<\/li>\n<li>Post-incident activity \u2013 Reviewing lessons learned and having a plan for evidence retention<\/li>\n<\/ul>\n<p>These principles can also be applied to the way in which you respond to a cyberattack.<\/p>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/resources\/blog\/designing-a-ransomware-response-plan\/\">Designing a Ransomware Response Plan<\/a><\/p>\n<h2>How to Respond to a Cyberattack<\/h2>\n<p>Every cyberattack and every organization is different. However, it\u2019s possible to outline a fairly standard set of responses to cyber-incidents. Here they are.<\/p>\n<h3>1. Prevention<\/h3>\n<p>The first step in responding to a successful cyberattack is to iterate the lessons you\u2019ve learned from the recent attack back into your IR planning. Once you\u2019ve identified how you were hacked, you should take immediate steps to disseminate these lessons to all relevant staff groups. In particular, you should ensure that all staff know how to protect your business, and are aware of <a href=\"https:\/\/www.msp360.com\/resources\/blog\/password-management\/\">the importance of setting a strong password<\/a>.<\/p>\n<p><span class=\"further-reading \">Further reading<\/span> <a href=\"https:\/\/www.msp360.com\/ransomware-protection\/\">Stay safe from ransomware<\/a> with MSP360<\/p>\n<h3>2. 
Communication and Delegation<\/h3>\n<p>Next, you should immediately inform every relevant staff member that an attack has occurred. This will certainly include technical teams, but it should also extend to your customer service teams, who may have to field some complicated requests and complaints over the coming few weeks.<\/p>\n<p>Secondly, assemble a team that is able to carry out the steps below. Appoint a team leader who will have overall responsibility for responding to the incident, and make sure that this team is protected by using a VPN to encrypt their internal communications at all times.<\/p>\n<h3>3. Forensics<\/h3>\n<p>This IR team should work to uncover the source of the attack or leak. This process is technically known as \u201cattack forensics\u201d, but in reality can be a lot less complex than that name suggests.<\/p>\n<p id=\"last\">For most organizations, most of the time, this step will involve scanning file systems for malware, and identifying what type of infection you have fallen victim to. 
You should then immediately update how your phishing filters work in order to avoid the immediate reinfection of your systems.<\/p>\n<h3>4. Contain and Recover<\/h3>\n<p>The next stage of incident response is to contain any further damage that might have been caused by a successful attack. A security incident \u2013 especially one caused by malware \u2013 is like a forest fire, and unless you take steps to contain it, it can easily spread and cause further damage.<\/p>\n<p>You will need to perform system\/network validation and testing to certify all systems as operational. Recertify any component that was compromised as both operational and secure, and don\u2019t bring crucial components back online until you are positive they pose no further threat.<\/p>\n<h3>5. Stay Up-to-Date with All Your Security Systems<\/h3>\n<p>It is pointless to have a security system in place that you won\u2019t keep up-to-date. However, this is something we see pretty often. 
The capability of attackers is increasing regularly and <a href=\"https:\/\/www.cnbc.com\/2020\/07\/29\/cybercrime-ramps-up-amid-coronavirus-chaos-costing-companies-billions.html\" target=\"_blank\" rel=\"noopener noreferrer\">scams continue to evolve<\/a>, which means you always need to have the latest release of definitions or software to stay protected.<\/p>\n<p>This goes not just for your company-owned mobile devices, but for all the available technology in the office. Numerous case studies in web application design have revealed the best practices for how web applications can be kept more secure from hackers. This includes making it so that your web applications will run with the fewest-possible privileges to reduce vulnerabilities, and avoiding third-party themes and plugins.<\/p>\n<h3>6. Assess the Damage<\/h3>\n<p>Once the smoke starts to clear, it\u2019s time to assess the damage. You should take a holistic approach to this, in order to capture the full range of consequences of a successful attack. 
Further, you should also review the pros and cons of launching a full-fledged <a href=\"https:\/\/www.exabeam.com\/incident-response\/cyber-attribution-essential-component-of-incident-response-or-optional-extra\/\">cyber attribution investigation<\/a>, which will help to protect you against similar threat vectors in the future.<\/p>\n<p>Don\u2019t just look at the cost of a data breach to your business, but factor in the monetary consequences of any extra systems you put in place as a result of the hack; at a time when <a href=\"https:\/\/thetokenist.io\/financial-statistics\/\" target=\"_blank\" rel=\"noopener noreferrer\">business debt is rising<\/a>, added expenditure on cybersecurity systems is often the most damaging outcome of an attack.<\/p>\n<h2>The Bottom Line<\/h2>\n<p>As we've pointed out elsewhere, staying safe from cyberattacks, and particularly staying <a href=\"https:\/\/www.msp360.com\/resources\/blog\/anti-phishing\/\">safe from phishing<\/a>, requires constant vigilance. However, you should also recognize that getting hacked is not \u2013 necessarily \u2013 a sign of failure. Instead, remember that all organizations get hacked and that the mark of success is what you do afterward. Respond well \u2013 as we've shown you above \u2013 and no one will blame you for falling victim to a breach. Just don't let it happen again.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you run a small business (or even a large one), you probably spend a significant amount of time thinking about how to protect yourself from cyberattacks. This is, of course, time well spent. 
You definitely need to understand ransomware attack scenarios, how phishing attacks work, and how to prevent social engineering attacks.<\/p>\n","protected":false},"author":66,"featured_media":44950,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,885],"tags":[],"class_list":["post-44946","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-articles","category-other"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/44946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=44946"}],"version-history":[{"count":4,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/44946\/revisions"}],"predecessor-version":[{"id":61406,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/44946\/revisions\/61406"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media\/44950"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=44946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=44946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=44946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}