The frequency of cyber attacks is gaining momentum, as the world watches as the Ukraine is hit by its biggest cyber attack in history, the potential 'wannacry' repeat, now seems to be spreading across the globe, with other countries including Spain, France, Russia and India reporting breaches from the PETYA cyber attack.

Don't be a victim

Causing serious disruption to numerous businesses & banks infrastructure this attack demonstrates that no matter how robust your security systems are, employees are often the weakest link in the fight against cyber attacks and it highlights the importance of educating and training your staff on the fight against cyber crime.

There are some simple steps businesses should take such as alerting staff and warning them to:

  • Avoid clicking on links, opening attachments or emails from people you don’t know or companies you don’t do business with.
  • Be vigilant when opening links or attachments from people you do know particularly if they are unexpected.
  • Be aware of email spoofing, where an email arrives from someone you believe you know, but has unexpected links or attachments.

What next? 24hrs post attack

Your IT department will advise on the best way to ensure any patches, software fixes or updates are applied in a safe manner. Whilst this insight is essential, below are our recommended steps to include alongside IT as part of your 24 hour response plan.

  1. Mobilise crisis management team with support from communications and legal advisers, as appropriate
  2. Record the date and time when the breach was discovered, as well as the current date and time when response efforts begin, i.e. when someone on the response team is alerted to the breach
  3. Alert and activate everyone on the response team, including external resources, to begin executing your incident response plan
  4. Secure the IT systems affected by the cyber-attack to help preserve evidence
  5. Stop additional data loss. Take affected equipment offline but do not turn them off or start probing into the computer until your forensics team arrives
  6. Document everything known thus far about the attack
  7. Interview those involved in discovering the breach and anyone else who may know about it. Document your investigation
  8. Review protocols regarding disseminating information about the breach for everyone involved in this early stage
  9. Assess priorities and risks based on what you know about the breach
  10. Bring in your forensics team to begin an in-depth investigation
  11. Protect your reputation with an internal and external communications strategy, supported as necessary by crisis communications specialists and/or reputation lawyers
  12. Report to police, if/when considered appropriate
  13. Notify regulators, if needed, after consulting with legal counsel and upper management
  14. Notify insurance broker(s) to ensure compliance with policy terms

Think twice…

If you are hit by a cyber-attack you may be tempted to pay the ransom. Often the ransom demands are set at a low level, around €300. This is to make it less expensive to pay the ransom than it would be to pay for outside IT consultants to fix the problem.

There are a few reasons why you should think twice before paying any ransom:

  • Quite often cyber-attacks are a form of advertisement for hackers to show off their abilities and be hired to undertake more damaging attacks;
  • Hackers communicate with each other in chat rooms and the so called 'dark web' and share information about vulnerabilities. If you pay a ransom for one cyber-attack, you may leave your organisation open to further attacks by other hackers; and
  • If your company is in a regulated industry you may have to report any security breach to regulators, so paying a ransom may instigate further regulatory scrutiny.

Your businesses reputation

This attack and Mays 'wannacry' attack focussed on encrypting the data where it is located and then unlocking it once the ransom is paid, rather than any loss of data. While nothing will make an organisation entirely invulnerable to attack, the above steps when deployed together may be the difference between staying switched-on or being forced to go dark when a crisis hits.