Four Questions To Ask After An Attack

Cyber-attacks are inevitable, but it’s how an organisation deals with them that can make or break its business. 
Have you got all the answers, and do you fully understand the implications? Can you be sure the attack won’t happen again? 
 
Swift and comprehensive incident response is a critical step to ensuring the future security of a business and protecting its reputation. It’s not enough to be aware that an attack has taken place. 
 
There are four key questions organisations need to be able to answer following a cyber security breach. If a single answer is missing, the security team won’t have the full picture, leaving the business vulnerable to the next attack. 
Andy Pearch, Head of IA Services at CORVID, outlines the four questions all organisations must be able to answer after a cyber-attack. 
 
1. How and where did the security breach take place?
The first step of an effective incident response strategy is to identify how the attackers got in. Quite simply, if an organisation misses this first crucial step, attackers will exploit the same vulnerability for future cyber-attacks. 
Guesswork won’t cut it. Any security professional can hypothesise that “it was probably an email”, but security teams need clear evidence so they can fully analyse all aspects of the problem and devise an appropriate solution.  
 
2. What information was accessed?
Understanding specifically what information was accessed by the attacker is paramount to knowing what impact the attack will have on the organisation. Identifying which departments were targeted or what types of information might have been stolen isn’t good enough; organisations need to be able to articulate exactly which files were accessed and when. 
 
Headlines about attackers stealing information are common, but just as importantly, you need to know the scope of the information they’ve seen, as well as the information they’ve taken. 
 
Not only will this inform the next steps that need to be taken, and shed light on which parts of the business will be affected, but it will also enable the organisation to remain compliant with legal obligations, for example, identifying if a data breach needs to be reported under GDPR. 
 
3. How can systems be recovered quickly?
Organisations will understandably want to get their IT estate back to normal as soon as possible to minimise damage to their business, service and reputation. If the compromise method is identified and analysed correctly, IT systems can be remediated in seconds, meaning users and business operations can continue without downtime for recovery. 
 
4. How do you prevent it from happening again?
Knowing the IT estate has been compromised is useless without taking steps to make sure it doesn’t happen again. Managed Detection and Response (MDR) is all about spotting the unusual activity that indicates a potential breach. 
 
If a user is accessing files they would never usually touch, sending unexpected emails or reaching out to a new domain, for example, such activity should prompt a review. The problem for most companies, however, is they lack not only the tools to enable such detection, but also the time and skills to undertake thorough analysis to determine whether it is a breach or a false positive. 
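
The kind of review trigger described above can be approximated with a per-user baseline: learn which files, email recipient domains and DNS destinations each user normally touches, then flag anything first seen outside that set. The following is an added example written for this article, not code from the original piece or from CORVID; the log format, field names, users and domains are all constructed for illustration.

```python
"""Flag first-seen user activity against a per-user baseline.

Added example for illustration only. The log format below
(<timestamp> user=<id> action=<file_read|email_send|dns_query> target=<value>)
is constructed, as are the users, paths and domains.
"""
from collections import defaultdict

# Constructed learning window: what each user normally touches.
BASELINE_LOG = """\
2024-03-01T09:02:11Z user=alice action=file_read target=/shares/sales/q1-forecast.xlsx
2024-03-01T09:40:52Z user=alice action=file_read target=/shares/sales/pipeline.csv
2024-03-01T10:15:07Z user=alice action=email_send target=partner.example
2024-03-01T10:15:09Z user=alice action=dns_query target=crm.example.com
2024-03-02T08:55:30Z user=bob action=file_read target=/shares/finance/ledger.xlsx
2024-03-02T09:10:44Z user=bob action=email_send target=bank.example
2024-03-02T09:10:45Z user=bob action=dns_query target=mail.example.com
2024-03-03T09:01:00Z user=alice action=file_read target=/shares/sales/pipeline.csv
"""

# Constructed window under review. Mixes routine events with a file alice
# never touches, a domain she has never resolved, an unexpected email
# recipient for bob, and a user (carol) with no baseline at all.
TODAY_LOG = """\
2024-03-04T09:12:03Z user=alice action=file_read target=/shares/sales/pipeline.csv
2024-03-04T09:13:48Z user=alice action=file_read target=/shares/hr/payroll.xlsx
2024-03-04T09:14:02Z user=alice action=dns_query target=sync-cdn.example.net
2024-03-04T09:30:17Z user=bob action=email_send target=bank.example
2024-03-04T09:31:55Z user=bob action=email_send target=mailbox.example.org
2024-03-04T11:02:40Z user=carol action=file_read target=/shares/sales/pipeline.csv
"""


def parse_events(text):
    """Yield (timestamp, user, action, target) from key=value log lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        timestamp, *pairs = line.split()
        # partition("=") gives (key, "=", value); [::2] keeps key and value
        fields = dict(p.partition("=")[::2] for p in pairs)
        yield timestamp, fields["user"], fields["action"], fields["target"]


def build_baseline(text):
    """Per-user, per-action set of targets seen during the learning window."""
    baseline = defaultdict(lambda: defaultdict(set))
    for _, user, action, target in parse_events(text):
        baseline[user][action].add(target)
    return baseline


def find_first_seen(baseline, text):
    """Return events whose target the user has never touched before.

    A user absent from the baseline is flagged on every event (reason
    'no_baseline'), because there is nothing to compare against; otherwise
    only targets outside that user's known set for the action are flagged.
    """
    alerts = []
    for timestamp, user, action, target in parse_events(text):
        if user not in baseline:
            reason = "no_baseline"
        elif target in baseline[user][action]:
            continue  # routine for this user, no review needed
        else:
            reason = "first_seen_" + action
        alerts.append({"time": timestamp, "user": user, "action": action,
                       "target": target, "reason": reason})
    return alerts


def review_queue(alerts):
    """Group alerts per user so an analyst sees what to review together."""
    queue = defaultdict(list)
    for alert in alerts:
        queue[alert["user"]].append(f'{alert["reason"]}: {alert["target"]}')
    return dict(queue)


if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    for user, items in review_queue(find_first_seen(base, TODAY_LOG)).items():
        print(user)
        for item in items:
            print("  -", item)
```

Everything this flags is a review prompt, not a verdict: the payroll spreadsheet may be a legitimate new responsibility and the new domain a software update. The value is in surfacing the handful of first-seen events so the limited analyst time the article mentions goes to deciding breach versus false positive, rather than to sifting routine activity.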
 
A managed approach not only takes the burden away from businesses, but also enables every company to benefit from the pool of knowledge built up as a result of detecting and remediating attacks on businesses across the board. 
With MDR, every incident detected is investigated and, if it’s a breach, managed. That means shutting down the attack’s communication channel to prevent the adversary communicating with the compromised host, and identifying any compromised asset which can then be remediated. 
 
Shifting Security Thinking 
Clearly, GDPR has raised awareness that the risks associated with a cyber-attack are not only financial, as hackers are actively seeking to access information. 
 
Security plans, therefore, must also consider data confidentiality, integrity and availability. But it is also essential to accept the fundamental shift in security thinking: protection is not a viable option given today’s threat landscape. 
 
When hackers are using the same tactics and tools as bona fide users, rapid detection and remediation must be the priority. 
 
Source: Information Security Buzz. Image: Nick Youngson
 
 