How to Recover From a Cyberattack

Cyberattacks are far more costly than they seem. Often, the fallout of a cyberattack can last days, even weeks. This fallout is due to several factors that result in long downtime and loss of business.

Unfortunately, most loss reduction measures need to be pre-emptive. While there are steps you can take after a cyberattack to reduce its impact, it’s better to ready yourself early. In this blog, you will find some tips for reducing loss post-cyberattack, as well as what you should do now to protect yourself before an attack occurs.

Effects of a Cyberattack

There are two extremely common reasons for a cyberattack to take place – theft and disruption. When a hacker is trying to disrupt your business, the loss you usually face is lost business. Take DDoS attacks, for example. With these attacks, the goal is to make services harder to access. A DDoS attack may target a business’s servers so customers can’t access its web store. This means a loss of business and, if it happens regularly, damage to the business’s reputation.

With theft, a hacker’s main goal is stealing something – usually money, data, or intellectual property. While the theft itself may be quick, these cyberattacks generally result in downtime. The post-attack fallout may even end up costing a business more than what was stolen.

Ransomware is the most common type of cyberattack organisations face, so we’ll use that as an example. While the hacker has data locked behind a ransom, a business cannot operate as usual. Services are often disrupted, and affected servers have to be taken down to prevent any more damage. After the cyberattack is dealt with, data has to be decrypted and rolled back.

Post-Cyberattack Plan

Acting on a cyberattack early is the best way to reduce the damage caused. The sooner you can react the better, as it gives the hacker a smaller time window to work with. Ideally, your business will have an incident response plan in place that outlines the steps to take immediately after the attack starts. If you don’t have a response plan in place yet, here are some things to take into consideration:

  • Disconnect your organisation from the internet. This means your servers as well as your company Wi-Fi. While you are disconnected, the hacker will be unable to carry the attack any further. Your data will still be locked in the case of a ransomware attack, but disconnecting will stop data from being relayed back to the hacker.
  • Change passwords. Every password should be changed as the hacker may have been able to steal one. Passwords for computer logins, emails, server access, and Wi-Fi should all be changed. If the hacker has access to any part of your network, no matter how insignificant, it opens you up to more attacks down the line.
  • Take your website down. This will mean a loss of business in the short term, but it is ultimately worth the time. A compromised website could lead to customers getting hacked or having their data stolen.
  • Update software and security. Make sure all your software is up to date with the latest security patches. This means everything from your operating system (e.g. Windows 10) to your Internet of Things (IoT) device software.
  • Implement security measures. You should try to secure everything that has a password. With passwords changed, implement multifactor authentication where possible. This makes it harder for hackers to access more of your network if they have stolen passwords.
  • Check your firewall. When a cyberattack happens, your firewall is your best friend. Look at logs to identify who has been accessing your servers. This will outline how the attack happened and give insight into how to protect yourself further. You should also update your firewall to prevent the attack from happening again.
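
As a starting point for the firewall log review described above, here is an added example (not part of the original article) that groups inbound connections by outside source address and lists the sources worth a closer look. The log format (netfilter-style key=value lines), the `FW-ALLOW`/`FW-DROP` prefixes, the server subnet and every address are assumptions; adapt them to what your firewall actually writes.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in netfilter key=value style; FW-* prefixes and addresses are assumed.
SAMPLE_LOG = """\
Mar 03 02:11:40 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22
Mar 03 02:12:05 gw kernel: FW-ALLOW IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40120 DPT=443
Mar 03 02:14:31 gw kernel: FW-ALLOW IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=40188 DPT=22
Mar 03 09:00:02 gw kernel: FW-ALLOW IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51500 DPT=443
Mar 03 09:00:09 gw kernel: FW-ALLOW IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.23 PROTO=TCP SPT=443 DPT=51500
this line is truncated and should be skipped
"""
SERVERS = ip_network("192.0.2.0/24")   # assumed server subnet
ADMIN_PORTS = {22, 3389}               # remote-admin services (SSH, RDP)
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) .*?FW-(?P<action>ALLOW|DROP) "
                  r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)")

def summarise(log_text):
    """Group connections from outside to the server subnet by source address."""
    report = defaultdict(lambda: {"allowed": 0, "dropped": 0, "servers": set(),
                                  "ports": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                   # malformed or unrelated line
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue                   # address field is not a valid IP
        if dst not in SERVERS or src in SERVERS:
            continue                   # keep only outside -> server traffic
        entry = report[str(src)]
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        if m["action"] == "ALLOW":
            entry["allowed"] += 1
            entry["servers"].add(str(dst))
            entry["ports"].add(int(m["dpt"]))
        else:
            entry["dropped"] += 1
    return dict(report)

def needs_review(report):
    """Sources that reached an admin port, or were blocked and also let in."""
    return sorted(src for src, e in report.items()
                  if e["ports"] & ADMIN_PORTS or (e["dropped"] and e["allowed"]))

if __name__ == "__main__":
    print(needs_review(summarise(SAMPLE_LOG)))
```

The first and last timestamps recorded per source give the time frame you will need when reporting the incident.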

Inform People of the Hack

The most important thing you can do after you have stabilised your network is to inform people affected by the hack. If your website is compromised, you should report it. Even while your website is down, customers that have used your website should be informed so they can take measures to protect themselves.

Should you find evidence that the hacker has accessed sensitive data, everyone who is at risk needs to be informed. Ideally, a report should inform people of the time frame in which the attack took place, who is affected, and what you are doing to protect and recover data. It should also tell affected customers what they should do going forward to protect themselves.

For businesses in the UK, under the GDPR you are obliged to do several things as well. According to the Information Commissioner's Office (ICO), you must inform affected individuals “if the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms”. You must also keep a record of data breaches that occur, and report the breach to the ICO within 72 hours.

Pre-emptive Measures

The best way to minimise the impact of a cyberattack is to put measures in place early. A frighteningly large number of businesses neglect to put in the effort to protect themselves early. Ideally, when a cyberattack happens, you should be confident that you can reduce the losses you face.

There are many ways to protect yourself before an attack takes place. Take some of these into consideration:

  • Multifactor Authentication: This helps make your security stronger and stops hackers from accessing more of your network if it is breached.
  • Backups: Having backups of sensitive data helps reduce recovery time. This allows you to restore data to an earlier point after you have beaten a cyberattack.
  • Develop a response plan early: Making a response plan ahead of time makes it easier to know what to do when an attack happens.
  • Update software early: Always make sure software is up to date with the latest security features. This reduces the chance of hackers getting in through software security flaws.
  • Implement redundancy in your network: Try to spread your data across multiple platforms if possible. This includes cloud storage and offsite servers. If a hacker breaches your office network, offsite storage makes it harder for them to access data. 

Use Securiwiser to Make Your Cybersecurity Stronger

Securiwiser’s main goal is to help you improve your cybersecurity strategy affordably. Securiwiser’s cybersecurity evaluation suite will let you know what you can do to better protect yourself against cyberattacks.

Securiwiser checks many factors such as email security, DNS health, and even IP reputation. It will find the weak points in your security and provide you with the knowledge you need to improve it.

Find out how you can better protect yourself against cyberattacks with a free cybersecurity report.