It is not a situation any network administrator ever wants to be in. Yet, considering the multitude of attacks nowadays, the possibility of being in such a situation is becoming more and more likely. The last year has shown us that no company, big or small, is safe from being hit by a cyber attack. Cyber criminals are getting cleverer in their methods; their tactics are becoming more refined and new variants of malware are being produced almost every day.
While no one wants to think about this kind of outcome, refusing to think about it is not very clever. Cyber security and risk assessment have a lot in common, and hence a network administrator must consider the worst possibility and plan accordingly. In this case, the worst possibility is being the victim of a cyber attack. There are plenty of tips and advice on what to do in such a situation. However, it is just as important to know what not to do. A lot of seemingly harmless things can actually go a long way in making a bad situation irretrievably worse.
Not having or not following an Incident Response Plan
It goes without saying, but every organization must have a proper Incident Response Plan in place for the possibility of a cyber attack. Not having one is an immediate red flag, but even if there is one, network administrators must ensure that it is followed properly, without panicking.
A proper incident response plan must define the scope and objectives, contacts and responsibilities, emergency activities, the notifications process and incident closure. A proper communication plan must also have been outlined, and it must be strictly followed in case of an incident. The incident response plan cannot be designed and then left unattended – it must be continuously updated in light of the changing trends in cybersecurity.
The conclusion is simple: follow your organization’s incident response plan to ensure that you take the correct actions during a cybersecurity incident.
This point cannot be emphasized enough. The first reaction to a cyber attack at an organization is panic. The IT team may have never encountered such a situation before, and the natural reaction is to get scared. But this is the worst possible reaction you can have to a cyber attack. In fact, that is exactly what the perpetrators of the attack – the cyber criminals – want. Panicking leads to decisions which are rash, emotional and illogical. These can make things worse and allow cyber criminals to do exactly what they want, i.e. ask for more ransom, access more devices, etc.
Trying to keep the attack a secret
For network administrators, there is a temptation to try and hide the entire event. Network administrators may be susceptible to the belief that their jobs will be at stake if the senior members of an organization find out about the breach. Letting customers know could also negatively affect brand reputation. So the thinking goes: why let anyone know?
Nothing could be more dangerous. Ideally, this should be laid out in the Incident Response Plan, but it still bears repeating: efficient communication is a must in the aftermath of a cyber attack. If a communication chain has been established, it must be followed, and everyone in the company must be aware of the attack so that they do not mistakenly take an action which makes things worse.
As for the customers, they must also be informed as soon as possible so that they are aware of how their data may be misused and can take corrective action accordingly. Of course, no company likes being at the receiving end of a cyber attack but network administrators can take heart from the fact that remaining transparent about an unpleasant incident and the company’s handling of it can actually lead to good brand equity in the long run.
Not switching to a backup immediately
It is critical that an organization switches to a backup as soon as it detects a breach of security. Any delay could lead to bad consequences, with even the backup files being affected. Network administrators must be methodical and careful about it – they must switch to the last known safe backup. This will involve identifying the exact point at which the transaction happened.
The threat of cyber attacks is real and enterprises need to “unrisk” it before it is too late. The chances of a cyber attack can be greatly diminished by using proper security solutions like Seqrite’s Endpoint Security (EPS) which can protect networks from advanced threats.