Four Questions To Ask After An Attack

Cyber-attacks are inevitable, but it’s how an organisation deals with them that can make or break their business. 
Have you got all the answers, and do you fully understand the implications? Can you be sure the attack won’t happen again? 
 
Swift and comprehensive incident response is a critical step to ensuring the future security of a business and protecting its reputation. It’s not enough to be aware that an attack has taken place. 
 
There are four key questions organisations need to be able to answer following a cyber security breach, if a single answer is missing, the security team won’t have the full picture, leaving the business vulnerable to impending attacks. 
Andy Pearch, Head of IA Services at CORVID, outlines four questions all organisations must be able to answer after a cyber-attack. 
 
1. How and Where did the Security Breach take place?
The first step of an effective incident response strategy is to identify how the attackers got in. Quite simply, if an organisation misses this first crucial step, attackers will exploit the same vulnerability for future cyber-attacks. 
Guesswork won’t cut it, any security professional can hypothesise that “it was probably an email”, but security teams need clear evidence so they can fully analyse all aspects of the problem and devise an appropriate solution.  
 
2. What Information was Accessed?
Understanding specifically what information was accessed by the attacker is paramount to knowing what impact the attack will have on the organisation. Identifying which departments were targeted or what types of information might have been stolen isn’t good enough; organisations need to be able to articulate exactly which files were accessed and when. 
 
Headlines about attackers stealing information are common, but just as importantly, you need to know the scope of the information they’ve seen, as well as the information they’ve taken. 
 
Not only will this inform the next steps that need to be taken, and shed light on which parts of the business will be affected, but it will also enable the organisation to remain compliant with legal obligations, for example, identifying if a data breach needs to be reported under GDPR. 
 
3. How can systems be recovered quickly?
Organisations will understandably want to get their IT estate back to normal as soon as possible to minimise damage to their business, service and reputation. If the compromise method is identified and analysed correctly, IT systems can be remediated in seconds, meaning users and business operations can continue without downtime for recovery. 
 
4. How do you prevent it from happening again?
Knowing the IT estate has been compromised is useless without taking steps to make sure it doesn’t happen again. Managed Detection and Response (MDR) is all about spotting the unusual activity that indicates a potential breach. 
 
If a user is accessing files they would never usually touch, sending unexpected emails or reaching out to a new domain, for example, such activity should prompt a review. The problem for most companies, however, is they lack not only the tools to enable such detection, but also the time and skills to undertake thorough analysis to determine whether it is a breach or a false positive. 
 
A managed approach not only takes the burden away from businesses, but also enables every company to benefit from the pool of knowledge built up as a result of detecting and remediating attacks on businesses across the board. 
With MDR, every incident detected is investigated and, if it’s a breach, managed. That means shutting down the attack’s communication channel to prevent the adversary communicating with the compromised host, and identifying any compromised asset which can then be remediated. 
 
Shifting Security Thinking 
Clearly, GDPR has raised awareness that the risks associated with a cyber-attack are not only financial, as hackers are actively seeking to access information. 
 
Security plans, therefore, must also consider data confidentiality, integrity and availability. But it is also essential to accept the fundamental shift in security thinking, protection is not a viable option given today’s threat landscape. 
 
When hackers are using the same tactics and tools as bona fide users, rapid detection and remediation must be the priority. 
 
Information Security Buzz:           Image: Nick Youngson
 
You Migh Also Read:
 
SMEs Underestimate The PR Damage Caused By A  Cyber Breach:
 
Cybersecurity Is A Job for CEOs, Not Just The IT Team:
 
 
 
 
« Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web
Do Criminals Dream Of Electric Sheep? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Preempt Security

Preempt Security

The Preempt Platform delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

360° Online Brand Protection

360° Online Brand Protection

360° Online Brand Protection have developed a response to monitor counterfeiting and piracy activity at the online point of sale.

Ironhack

Ironhack

Ironhack provide intensive training courses & bootcamps in Web Development, UX/UI Design, Data Analytics & Cybersecurity.

Bechtle

Bechtle

Bechtle is one of Europe’s leading IT service providers offering a blend of direct IT product sales and extensive systems integration services.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.