Cyber-attacks are predicted to rise, meaning the overall risk of a successful attack is becoming more likely. Even with Cybersecurity measures in place, no system is completely secure so in most cases having a response procedure in place can be the best defence.
Here are some of the steps we suggest taking if you suspect you’re under attack:
Confirm
Often the most crucial step of defending against a cyber attack is determining when an attack is happening and if it has breached your defences. We suggest implementing threat detection software to alert you of any suspicious activity or threats that could be attempting to access your system. This should reduce your overall response time meaning a greater chance of stopping/minimising the attack.
As soon as you have the slightest suspicion that your systems are under attack, alerting the correct people can increase your chances of stopping the attacker.
Contact
Communication is a key aspect of a response procedure and if used effectively can stop an attack from spreading further.
Information on what type of attack it is can give your response/technical team a headstart on stopping it, so getting this to them as soon as it’s available is key to improving your response time.
Having clear channels dedicated to this situation, instructing and informing the correct people should ensure that the whole procedure goes ahead as planned.
Some channels you may want to include:
All Staff – Inform them of the procedure and give clear instructions on what they need to do.
Technical/Cybersecurity team – Alerting any response teams of the threat and sending over all useful information should help them to act quickly and efficiently.
Once the alerts have been sent out, is it important to act immediately.
Contain
Once an attack has penetrated your systems it can spread no matter where the entry point was so it’s a good idea to contain this as best as possible.
Some ways to help contain the spread are:
- Remove all removable media/backups from the system.
- Disconnect all affected or potentially infected networks from the internet.
- Ensure no one is accessing any sensitive data during this period.
- Update all your systems if they’re not already up to the latest version.
- Change all accounts/platform passwords.
Control
Once you and your team feel you have contained the breach as best as possible it’s now a good time to get the situation under control.
The steps we recommend taking are:
Recovery – finding which areas have been affected and what data has been compromised should help you to work out what needs repairing and what needs to be restored.
Entry points – ensuring that no unauthorised entry points are still active should prevent any further attacks utilising these vulnerabilities.
Inform – informing all necessary parties about the attack such as customers or partners is a good idea certainly if any of their data has been breached. This should enable them to account for the compromised data and maintain their trust in you.
Report – reporting the attack to the appropriate authorities is one of the best ways to help prevent future attacks like this and play your part in combating cyber attacks.
Compile
After falling victim to a cyber-attack, one of the best ways to avoid this happening again is to learn as much as you can from this. Using this information to build a robust procedure which is regularly practised and updated should help to reduce your chances of a future attack being successful.
If you would like to find out more about how we can help you become more cyber secure please get in touch on 0161 464 6101 or send an email to hello@datacentreplus.co.uk.
