Think you might be the latest victim of a cyber security attack? Devices running slower than normal, programs or files that won’t open, and outgoing email messages you never sent are all signs that something may be wrong. And these are only a few examples of common indicators of compromise (IoCs).
When you suspect a security incident, it’s important to act quickly. With each minute that passes, the attacker has more time to access additional accounts, encrypt or steal data, infect servers, and cause more damage to your operations.
Taking the right steps during and immediately after an incident can significantly lower both recovery time and impact (which is critical considering the soaring costs of an incident). Keep reading to find out what to do and not do after an attack — plus steps to take once you’ve recovered to continually protect your business.
What to do if you suspect a cyber attack
Take a breath and try to remain calm. Experiencing a cyber attack can be scary, especially when you don’t know what’s happening or the extent of the damage. It’s important that you do not panic or react impulsively — taking the wrong steps now can make things worse.
Reach out to our team as soon as possible. Our experts have spent decades identifying, isolating, and resolving security incidents. We can help you respond and recover fast, so you can get back to business.
Identify the internal and external stakeholders. When you suspect a breach, you may need to involve more than just your cyber security team — in-house or otherwise. The response and recovery process may also include cyber insurance providers, legal representatives, or a crisis communications team.
Consider the chain of custody. As you identify and collect evidence, it’s important to follow the proper process to ensure the legitimacy of the investigation. If you’re unsure about this step, our forensics team can help.
Focus on this order of operations: identify, recover, protect. The first two are immediate steps needed to resolve the incident. The third is forward-thinking: determining ways you can improve your defence and reduce your risk of future attacks.
What not to do if you suspect a cyber attack
Don’t wait. Even if you’re not sure whether or not you’re experiencing a breach, please still reach out to us. If it turns out to be a false alarm, we will be able to identify any vulnerabilities that may be elevating your risk of an incident.
Don’t try to cover tracks. Cyber security isn’t a blame game. Trying to hide actions, such as deleting an email that turned out to be a phishing attack, can slow the investigation, response, and recovery process.
Don’t discuss the attack with someone who is not a direct stakeholder. Involving more stakeholders than necessary can prolong the incident response process and cause more damage to your business.
Improving your cyber security for the future
During an incident, your priority should be to stop the attack and mitigate the impact to your business. But what should you do after? Once the dust has settled and you’re back up and running, it’s time to think about taking a proactive, holistic approach to cyber security so this doesn’t happen again.
Your goal should be in-depth visibility across your entire IT infrastructure, along with powerful monitoring and analytics to measure, manage, and reduce attackable points. A complete cyber security platform like Covalence covers all of this in one place.
If you’re interested in securing your business from end to end and gaining the peace of mind that comes from proactive cyber security, contact us today.