An IT department may have taken all the necessary precautions to ensure that they prevent a security breach, and yet shrewd attackers may still get through. Once you’ve been hacked, how does a business deal with the fallout?
As hackers have become increasingly intelligent in their approach, organisations need to be prepared for such situations.
Cybercriminals are constantly looking to new tools and methods, which not all businesses can anticipate or protect against. Crucially, as criminals have grown more sophisticated, and as state-sponsored attacks have increased, the likely motives and methods have changed. This signifies a shift from the old days where hacks were very visible.
Today, advanced, tenacious threats are the norm. Worryingly, the average number of days hackers remain undetected on a network is 243 days. Eight months! That’s a lot of time to steal data.
Often, malware doesn’t want to be detected and generally won’t be seen directly. Rather, companies will become aware due to its effects. This could simply be noticing that your computer is doing strange things. Equally, in financial malware scenarios, employees may notice money missing from their accounts or on their credit cards.
Companies can also look for signs such as unusual network traffic and unusual systems access patterns. Savvy companies will use experienced investigators to analyse their logs for signs of malicious activity, and log analysis tools like Splunk can help here by providing a layer of business intelligence on top of otherwise unfathomable system logs.
Put a plan in place
One of the worst things that can happen to a company that has already been compromised is not knowing what to do next.
As much as we may not want to admit to the possibility of a security breach, it’s important that organisations have a “what if” plan in place that allows them to react quickly. This should be detailed and well-rehearsed so that the business can immediately spring into action.
This playbook should include information about who to call. A very small percentage of businesses have the skills and expertise in-house to carry out a forensic analysis of how and why an attack has happened – and how they can prevent it from taking place in the future.
Continue reading on page two…
Share this story