Four questions you need to answer after a cyber attack

Posted by Gemma Sirett on May 29, 2019

Cyber attacks are inevitable, but it’s how you deal with them that can make or break your business. Have you got all the answers, and do you fully understand their implications? Can you be sure the attack won’t happen again?

Swift and comprehensive incident response is a critical step to ensuring the future security of your business and protecting its reputation. It’s not enough to be aware that an attack is taking (or has taken) place. There are four key questions you need to be able to answer following a cyber security breach – if any one answer is missing, you won’t have the full picture, leaving your business vulnerable to future attacks. Not having this level of insight can also damage your relationships with suppliers and affect customer confidence, as it means you’re not in control of the situation.

1. How and where did the security breach take place?

The first step of an effective incident response is to identify how the attackers got in. If you don’t identify this and do something about it, attackers will exploit the same vulnerability for future cyber attacks. Guesswork won’t cut it – any security professional can hypothesise that “it was probably an email”, but you need clear evidence so you can fully analyse all aspects of the problem and devise an appropriate solution.

2. What information was accessed?

Getting a detailed answer to this question is paramount to understanding the impact on your business. Headlines about attackers stealing information are common, but just as importantly, you need to know the scope of what they’ve seen and not taken. Not only will this help you understand the impact of the attack on your business, but it will also allow you to identify if there has been a data breach which needs to be reported under GDPR.

Most businesses only realise their system logs are insufficient after an incident has occurred, when they can’t pinpoint exactly what information was accessed. However, logging every bit of information is a waste of resources and can negatively affect your IT system’s performance, so you wouldn’t want to do that either. Instead, your business should pre-empt the lack of audited information by ensuring the right technologies or partnerships are in place to be able to answer this question when the time comes.
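As an added example (not code from the original post or from CORVID), the script below shows the kind of answer adequate file-access auditing makes possible: given audit records for a suspect account and an incident window, it separates files that were only read from files that were copied, the "seen versus taken" distinction above. The JSON-lines record format, the account name and the file paths are assumptions, and the log lines are constructed.

```python
import json
from datetime import datetime

# Constructed sample audit records (JSON lines), not taken from any real system:
# who touched which file, how, and when. One corrupt line is included on purpose.
SAMPLE_AUDIT_LOG = """\
{"ts": "2019-05-20T09:12:03Z", "user": "svc_backup", "op": "read", "path": "/srv/finance/payroll.xlsx"}
{"ts": "2019-05-20T09:12:08Z", "user": "svc_backup", "op": "read", "path": "/srv/hr/contracts.pdf"}
{"ts": "2019-05-20T09:13:41Z", "user": "svc_backup", "op": "copy", "path": "/srv/finance/payroll.xlsx"}
{"ts": "2019-05-20T10:02:15Z", "user": "alice", "op": "read", "path": "/srv/hr/contracts.pdf"}
{"ts": "2019-05-21T22:47:30Z", "user": "svc_backup", "op": "read", "path": "/srv/legal/customers.csv"}
not json at all -- a corrupt line the parser must survive
"""

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_audit(text):
    """Parse JSON-lines audit records; skip malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
            records.append(rec)
        except (ValueError, KeyError, TypeError):
            continue
    return records

def access_scope(records, account, start, end):
    """Per file: first/last touch and the set of operations by `account` in the window."""
    scope = {}
    for r in records:
        if r["user"] != account or not (start <= r["ts"] <= end):
            continue
        e = scope.setdefault(r["path"], {"first": r["ts"], "last": r["ts"], "ops": set()})
        e["first"], e["last"] = min(e["first"], r["ts"]), max(e["last"], r["ts"])
        e["ops"].add(r["op"])
    return scope

def breach_report(text, account, start_iso, end_iso):
    """Split files into 'seen only' (read) and 'taken' (copied/written): the distinction
    the text draws between what attackers looked at and what they removed."""
    scope = access_scope(parse_audit(text), account,
                         datetime.strptime(start_iso, TS_FMT), datetime.strptime(end_iso, TS_FMT))
    seen_only = sorted(p for p, e in scope.items() if e["ops"] <= {"read"})
    taken = sorted(p for p, e in scope.items() if e["ops"] & {"copy", "write"})
    return seen_only, taken
```

The same report run against logs that record only logons, with no per-file events, would return nothing for either list, which is exactly the gap the paragraph above warns about.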

3. How can you recover your systems quickly?

You’ll understandably want to get your IT estate back to normal ASAP to minimise damage to your business, service and reputation. If the compromise method is identified and analysed correctly, IT systems can be remediated in seconds, meaning users and business operations can continue without downtime for recovery.

4. How do you prevent it from happening again?

Knowing your IT estate has been compromised is useless without taking steps to make sure it doesn’t happen again. Take this opportunity to learn from the attack, and shore up vulnerabilities or weaknesses in your defences against further compromise attempts.

Call in the professionals

Enlisting the help of a dedicated cyber incident response team will ensure you can focus on your business, while the experts call on their highly-specialised knowledge and extensive experience to focus on getting you intelligent, actionable answers and insight.

CORVID’s team of experienced cyber analysts can answer these questions for you. They provide fully supported incident response, a comprehensive report with precise details of the attack, and end-to-end support to secure your IT estate and get your business back to normal. CORVID Managed Detection and Response gives you on-demand access to this incident response, while the proactive threat hunting part of the service greatly limits damage to your business by reducing dwell time. Their guidance and expertise are at your disposal when you need them most, giving you peace of mind that your systems are in safe hands. What’s more, you’ll get a detailed report articulating exactly which files were accessed and when – helping you remain compliant with your legal obligations (e.g. if a data security breach has occurred).