Cyber attack successful - and now? The eight most important tips from our IT security experts!
by Svenja Koch
Cyber threats know no seasons, no country borders and no opening hours. By now, virtually every company is at risk of becoming the target of a planned cyber attack. Or, even more likely, the company ends up in the hackers' line of fire purely by chance. In the event of a successful cyber attack, it is no longer "only" data records and company secrets that are at risk. The more networked the world becomes, the more drastic the effects of cyber attacks on people's everyday lives. Educational institutions, healthcare organisations or energy providers: when cyber threats target critical infrastructures, human lives may be at risk. If a fully developed cyber emergency plan is not ready in the drawer at that point, the consequences can be drastic. With our hacking attack tips, we would like to provide you with first aid in the event of a cyber attack. Find out here what measures you and your IT security need to take after a successful cyber attack - and why the help of security experts is advisable if the worst comes to the worst.
Tip No. 1 in the event of a hacker attack: Never, really never, pay a ransom!
Among cyber threats, the ransomware attack ranks high on the cybercriminals' popularity scale. Ransomware refers to a whole group of malware that infiltrates systems, encrypts the data there and makes the release of the data dependent on a ransom payment. If ransomware has undermined your IT security and rendered your company's data unusable, the first thing to do is stay calm. Do not pay the demanded ransom - because by doing so, you are giving the hackers exactly what they want. And you will certainly become the target of this form of cyber attack again in the near future.
Tip No. 2 for a hacker attack: Act tactically instead of reacting haphazardly
A successful cyber attack naturally takes companies by surprise and comes without warning. Even if hackers sometimes hide in the networks for weeks: if the worst comes to the worst, IT security must make far-reaching decisions in a short time. Without a cyber emergency plan, chaos can quickly break out in the early phase of a successful cyber attack. Here, too, the rule is: keep calm and proceed tactically.
Your tactical response to a cyber attack should include:
- Ensure that no further damage can result from the detected cyber attack. Even if this means that you have to temporarily take some or even all of your systems offline!
- In order for your IT security to be able to react promptly to cyber attacks, detailed incident response plans should be ready. IT security must also be briefed in such a way that it can carry out measures independently, without first having to obtain permission from higher-level departments or management.
- Take guest networks offline. Open Wi-Fi within the company is increasingly becoming a service standard. Unfortunately, there is always the possibility that cyber attacks originate from unmanaged guest devices or that malicious code is hiding in these very areas. Therefore, as a first aid measure after a successful cyber attack, you should always temporarily disable all guest access.
Tip No. 3 for a hacker attack: AI is your friend!
In the event of a successful cyber attack, every minute counts to keep the resulting damage to a minimum. However, cyber threats are almost always detected too late. This is not only due to the sophistication of the hackers, but also to a myriad of false alarms! More and more companies are turning to SIEM software (Security Information and Event Management) - and quite rightly so. SIEM is considered one of the most important building blocks in the defence against cyber attacks - unfortunately, the tools also produce quite a lot of false alarms. IT security has to check every single one of these alerts, which not only costs time, but also means that around half of all cyber threats remain undetected. Artificial intelligence (AI) support can provide a remedy here. By automating IT security, it is possible to react efficiently to hacker attacks - and, above all, to ensure the urgently needed level of cyber resilience!
Tip No. 4 in the event of a hacker attack: Secure evidence through forensic responses
Cyber threats endanger the existence of the affected companies - and they also constitute a punishable offence. In order for law enforcement authorities to take action after a successful cyber attack, evidence of the attack must be secured. Your insurance company is also interested in this evidence, because insurance policies only take effect if the cyber attack can be proven! Therefore, logging suspicious activities is part of every cyber emergency plan. Careful documentation within the log systems is also essential in order not to lose any valuable information.
Tip No. 5 for hacker attacks: Close cooperation with the legal department
A cyber emergency plan must absolutely cover legal issues after a successful cyber attack. After all, it is not unlikely that cyber threats will cause a breach of the GDPR or have a negative impact on your company's compliance policies. If the in-house legal department is prepared for cyber threats, the procedures in terms of information obligations towards the authorities are already regulated in advance. This means that a successful cyber attack can be responded to quickly, comprehensively and, above all, in a legally compliant manner.
Tip No. 6 for hacker attacks: Always keep an eye on all system levels
Cyber threats usually remain undetected in a system for around 10 days before IT security becomes aware of the intruders. The uninvited guests use this time to wander completely undisturbed through the different levels of the system, steal data and develop tactics to circumvent IT security and paralyse the system. Therefore, first aid in the event of a cyber attack always includes keeping an eye on all existing system levels. Of course, this applies at all times, not only when a cyber attack is taking place: system levels should be monitored continuously in order to eliminate cyber threats at an early stage.
Tip No. 7 in the event of a hacker attack: Change access data!
Probably one of the most banal, but at the same time most valuable, tips for a hacker attack is to change access data. After all, stolen passwords, access codes and compromised e-mail accounts not only pose an acute danger, but can also cause consequential damage in the future. Your cyber emergency plan must therefore include a strategy on how to deal with the company's own access data in the event of a successful cyber attack. The same applies to this tip for a hacker attack: speed is everything!
Tip No. 8 for a hacker attack: Those who take precautions are on the safe side
The best help in the event of a cyber attack is help that is not needed. To ensure that IT security is always in a position to recognise security incidents as quickly as possible, permanent incident response readiness is necessary. Maintaining incident response readiness requires the development and implementation of a comprehensive cyber defence strategy. In our workshops, we are at your company's disposal to define individual packages of measures against cyber attacks - and thus to expand your cyber emergency plan with a tactical, highly effective instrument.
IT security worldwide is challenged - every day, every hour and every minute. Cyber attacks have long been a global phenomenon and threaten not only the profitability of companies, but increasingly also energy suppliers, NGOs and even public authorities. If the worst comes to the worst, help is needed quickly - and a cyber emergency plan ready in the drawer is worth its weight in gold, because it lets IT security act tactically and without loss of time. Despite state-of-the-art countermeasures, a successful cyber attack all too often remains undetected. This allows the cyber attackers to move through the systems at their leisure and, in the worst case, cause additional damage.
Precaution is the keyword of the hour - also and especially in dealing with cyber attacks. Precaution starts with the training of your employees, because it is often uninitiated employees who, without any bad intentions, open backdoors in the security measures and thus virtually invite hackers in. Visitors, partners and suppliers also pose a potential security risk, especially in well-intentioned, open visitor networks. Therefore, IT security training for all employees should become standard - as a simple but important building block for more cyber resilience. An effective tip in the event of a hacker attack, even if this seems almost impossible in this day and age, is to take the company offline for a certain period of time. Being offline means that cyber criminals are simply locked out. Of course, it is not possible to completely isolate a company from the internet. But wherever possible, network access should be interrupted, at least for a short time. For this purpose, permanent incident response readiness must be established. With workshops and training courses, we help companies to recognise cyber attacks quickly and to react tactically and effectively to a successful cyber attack.