How to Recover From Cyber Attacks
By Quan Nguyen
October 15, 2021
Cybercrime occurs much more often than you think. A 2018 Gallup poll revealed that a quarter of American adults have experienced cybercrime. Perpetrators of so-called cyber attacks exploit businesses with weak security and less tech-savvy individuals. These numbers rise in parallel with the world’s increasing online presence, especially due to the recent pandemic.
COVID-19 weakened businesses’ security as they transitioned to the virtual realm, even causing tech giants like Acer to succumb to the largest ransomware attack in March 2021, handing over 50 million USD to REvil. Cyber attacks can target anyone, so preparing for such attacks is critical for protecting people and their data. While you may think of cyber attacks as massive DDoS attacks and data breaches, smaller scale attacks can target the public as well, and the recovery strategies outlined below accommodate both scenarios.
Identifying Cyber Attacks – Have You Been Affected?
A cyber attack is the process of deliberately altering, gaining unauthorized access to, stealing data from, or exploiting a device or network. Black-hat hackers are motivated by a variety of objectives, often seeking notoriety or financial gain. Determining whether you are a victim of a cyber attack can sometimes be difficult. Ponemon’s 2017 Cost of Data Breach Study claims companies can take up to 200 days to notice a data breach or cyber attack that has impacted them. Such blind spots are often due to a lack of monitoring and security precautions.
Some of the most common cyber attacks include:
- Phishing – emails and messages that attempt to trick users into revealing personal data
- Malware – software designed to damage computer systems; often injected by downloads from suspicious sites
- Man-In-The-Middle Attack – a perpetrator intercepts sensitive information in an existing connection between two parties
- DDoS Attacks – use of a botnet, or a legion of bots, to flood a network with requests and interrupt service
- Ransomware – encryption of a user’s files on a device and a demand for a ransom in exchange for decryption
- Non-Delivery Fraud – perpetrators collect payment for a product/service without fulfillment of the purchase order
Hackers are virtually invisible, making identification a potentially lengthy process. Containing a breach prolongs that process, taking 80 days on average. However, some cyber attacks come with obvious indicators like ransomware demand notes, computer pop-ups, or unexplained password changes.
Impact of Cyber Attacks
“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” – Former Cisco CEO John Chambers
To some degree, many established businesses and their employees have experienced a cyber attack that led to downtime, a damaged reputation, and loss of data. Hackers typically look for ease of access and a potential reward. This makes small-to-medium businesses especially vulnerable targets, as they are likely to have fewer security defenses and to lack a recovery plan, which could pressure them into forking over a ransom.
A more noticeable consequence of cyber attacks is the loss of data, whether a DDoS or a phishing scam hit you. For businesses, data protection and privacy laws impose legal sanctions for failing to secure personal data. Such data losses also erode clients’ trust in these businesses, resulting in diminishing numbers of customers, sales, and stakeholders.
Hackers frequently target organizations in the healthcare industry for access to vast amounts of medical data. The COVID-19 pandemic drove up the number of cyber attacks on the World Health Organization and its staff, and the public was targeted with charity scams. Further harming the public health sector, cyber attacks can harm victims in ways ranging from financial instability to mental and emotional distress. For example, the recent trend of “zoombombing”, where attackers display derogatory behavior and hate symbols, demonstrates the mental and emotional toll on victims.
Assuming you have already been affected by a cyber attack, it is essential to understand the steps for recovering, given that businesses are not always equipped to prevent a cyber attack. Having an incident response plan helps organize the response and gets your business back to normal operation faster. It is generally recommended to stop production to find the source. Keep in mind that the attack may be internal.
1. Identify the Issue
Before taking any action, confirm that someone attacked your company and identify what they stole or damaged. This first step is crucial to determining how your company should handle recovery. Remember to document the process as you work through recovery.
2. Shut Down
If you have confirmed a cyber attack, especially one that is recent and interferes with workflow, like ransomware, pause production on affected systems. Disconnect them from the internet, update firewalls, replace passwords with stronger ones, etc. The goal here is to prevent malware from spreading further.
3. Contain the Breach
Similar to shutting down, you will want to contain the breach and minimize further damage. This may include rerouting network traffic, freezing financial accounts, and scanning systems for malware. If the aftermath is significant, connect with a crisis manager.
4. Assemble an Incident Response Team
During a cyber attack, your employees are a huge asset. Gather technical personnel to examine the attack and PR experts to protect the brand name. Even with top technology defenses, your company is vulnerable without members to carry out security and recovery processes. This team should determine how the attack has affected the company and whether there is any salvageable data.
5. Notify Contacts
Inform your frequent contacts if the perpetrator hacks your email or communications. Caution those contacts to avoid suspicious messages and inform them if personal data was compromised. Communicating with clients and stakeholders is critical to maintaining relations and reputation.
6. Replace Technologies
If applicable, upgrade your hardware and software with more sophisticated security features. Apply security patches as needed.
7. Restore from Back-Up
Retrieve your latest system back-up to restore potentially lost data. If you do not have back-ups, consider investing in some back-up and recovery apps (a highly recommended practice).
8. Report the Cyber Attack
Reporting a cyber incident may grant businesses government assistance in recovering from the aftermath of a cyber attack. Doing so may also help gauge the scale of the threat, especially if the attack affected multiple parties.
“Breaches and attacks, regardless of if they are from the inside or outside, hinge on the behavior of people. No technology can stop a motivated person with enough time and resources. It can prevent the majority but not plurality.” – James Sipe, VP of Compliance and Information Security
As Sipe says, preventing a cyber attack is almost impossible if the perpetrators have enough resources. Thus, preparing for an attack and knowing how to respond is important. However, consider this a short-term response. After experiencing a cyber attack, prepare long-term responses to prevent future attacks. For information tailored to more specific encounters, refer to Stanfield IT’s extensive guide for cyber attack recovery.
A cyber incident recovery plan provides safety, but should ideally remain unexecuted. Most would prefer to take precautions so attacks do not occur. Adopting a zero-trust mentality and assuming your data will be breached or has been breached helps you make responsible decisions. However, Varonis claims that only 5% of companies properly protect their folders.
Some methods to prepare for cyber attacks are to:
- Implement defensive software like firewalls, anti-virus, and VPN to prevent DDoS attacks
- Inform yourself and your company on how to detect phishing messages and stop spam
- Monitor your systems with threat-detection technologies and test your system’s integrity
- Practice privacy by using safe logins like humanID
humanID offers safe, anonymous logins via multi-factor authentication. They use your phone number to verify your identity, and assign you a hashed, unique identifier that is irreversible. The phone number is then erased from humanID’s database so your information cannot be traced back to you. This solution is perfect for mitigating attacks and bot traffic, creating a more private and efficient workflow.
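Whether a hashed identifier derived from a phone number is actually irreversible depends on how the hash is keyed: an unkeyed hash can be reversed by enumerating the small space of possible phone numbers, while a keyed hash (HMAC) under a server-side secret cannot be recomputed without that secret. This added Python example, which is not humanID’s code and uses a constructed phone number, shows both behaviours side by side.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample phone number for the demonstration (not a real subscriber).
PHONE = "+15550123456"


def unkeyed_id(phone: str) -> str:
    """Plain SHA-256 of the phone number: deterministic and needs no secret."""
    return hashlib.sha256(phone.encode()).hexdigest()


def keyed_id(phone: str, key: bytes) -> str:
    """HMAC-SHA-256 under a secret key: same output shape, but nobody who
    lacks the key can recompute it for a guessed phone number."""
    return hmac.new(key, phone.encode(), hashlib.sha256).hexdigest()


def recover_by_enumeration(target: str, prefix: str, digits: int) -> Optional[str]:
    """Return the phone number under `prefix` whose unkeyed hash equals
    `target`, or None. A full 10-digit numbering space is only 10**10
    candidates, so an unkeyed hash offers no real secrecy; the small suffix
    range used here just keeps the demonstration fast."""
    for n in range(10 ** digits):
        candidate = f"{prefix}{n:0{digits}d}"
        if unkeyed_id(candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    # The key is generated once and kept only on the server that issues identifiers.
    key = secrets.token_bytes(32)
    print("unkeyed hash recovered as:", recover_by_enumeration(unkeyed_id(PHONE), "+1555012", 4))
    print("keyed hash recovered as:  ", recover_by_enumeration(keyed_id(PHONE, key), "+1555012", 4))
    print("issued identifier:", keyed_id(PHONE, key))
```

The keyed identifier is still deterministic for a given key, so the same verified number maps to the same account, which is the property the login flow needs.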
Ultimately, it is critical to assume that a cyber attack is inevitable and to have a response plan. Whether you work with a company or have concerns about your data as an individual, take action to both prevent an attack and know how to respond if these measures fail. Being proactive is the best way to avoid data loss, so take ownership of your personal data.