The events of 2020 have made it clear that we’re now living in a different world. Our work and social lives have been upended. And the risk to our personal health has been elevated. And added to all that, you’ve just been hacked.
Unfortunately, COVID-19 has changed the whole cybersecurity risk profile as teams, or even entire organisations, have moved to remote working. This has changed the ways in which cyber attacks can be carried out, as well as increased your overall likelihood of being hacked.
The most common attack vectors include targeted phishing and spear phishing attacks, in which cybercriminals lure people to fake websites in order to collect personal information or valuable data such as login or platform credentials. Other vectors include unpatched apps and Trojan horse software, both of which are easier for cybercriminals to exploit on hardware and processes that have been moved away from centralised office-based systems.
But now that it's happened, you need to not only resolve the impacts of the hack itself, but develop an entirely new approach to cybersecurity that reflects our new reality.
Your top priority always needs to be limiting the damage done. This means prioritising getting your business back to full speed rather than focusing on trying to track down the attacker. Most attacks originate far beyond the jurisdiction in which they occur, so it's rarely a good use of time trying to hunt down the culprit unless you believe it was an internal hack.
In some cases, getting things back to normal can be relatively straightforward if you have a recovery process that allows you to simply restore your system to a known good state. Other steps will likely require that you securely take back control of online profiles and software that the hackers may have compromised.
This will necessitate contacting the account holders for each app or service involved as well as resetting passwords or establishing new email or online accounts. Depending on the severity of the attack, you may also need to report the hack to law enforcement.
Now that the immediate damage has been taken care of, it’s time to create a plan that puts you back in control. This is achieved by developing a specific cybersecurity plan, ideally one that follows an industry-standard framework such as NIST 800-61. Following a framework creates a far more comprehensive strategy and ensures there are none of the gaps that commonly occur in informal strategies.
Your new cybersecurity framework will essentially be composed of four elements: planning, detection, recovery, and follow up.
Planning involves developing a specific plan that clearly lays out the process for dealing with any future incidents. It outlines procedures to be followed as well as the specific people or teams required to deal with an incident. This removes any ambiguity as to what needs to be done and who should be doing it.
Detection ensures the capability exists to detect and analyse an attack. The plan needs to detail a process for analysing the source of an attack, identifying which hardware or resources are affected, and determining how they can be remediated.
Depending on the type of hack, the recovery phase may involve containment efforts in addition to eradication and recovery measures. Containment measures are those that involve preventing an attacker from being able to access important data even if they manage to breach a device or network. Recovery measures may involve restoring systems to earlier states or patching identified vulnerabilities.
For follow up, your cybersecurity strategy needs to include steps to ensure lessons are learned from any hack or deviation from the cybersecurity plan. It should also outline a set periodic review process so that the organisation can be regularly audited on prior performance in adhering to the cybersecurity plan. Cybersecurity is a constantly shifting landscape where attackers never stop evolving their attack strategies. This means your plan needs to be constantly evolving too.
At the end of the day, your cybersecurity strategy is only effective if it is closely followed and regularly updated. It cannot be a document that is created and then ignored. The threat of hacks is very real and potentially very costly. But unfortunately, many organisations don’t take the threat seriously enough. This is evident from a recent report by Optiv into cybersecurity threats, which found that more than a third of Chief Information Security Officers don’t even practice their cybersecurity plans at least once a year.
Take the time to develop a robust cybersecurity plan, train your staff on its use, and revise and practice it regularly. This will put you in the best position possible to avoid any future hacks and protect yourself from the evolving cybersecurity threat landscape.
If you would like to find out more about how you can avoid cyber security threats in your business, talk to the experts at FinXL.