Welcome to the second blog in the series about surviving a cyber-attack. Here we explain what should be done further (and by whom) to deal with the consequences of a cyber-attack. We also share survival tips and tell you what’s at stake during a cyber-attack, so let’s get going.
What’s at stake
Intellectual property loss
Sensitive data is at risk of becoming public, from client information to business patents.
Expect legal defense expenses and costs for damage compensations and financial penalties.
The public aftermath of a cybersecurity incident can cause reputation loss, resulting in a decline of company market value and trust of customers and business partners.
Time and administrative costs
Many hours go into researching, restoring, preventing and administering a security incident. And don’t forget the time it takes to communicate with clients and the media.
Step 3: Do tell or don’t tell?
It’s one of the biggest dilemmas companies face after a hack. Who do we bring in the loop and when? Communicating about your hack requires a well-thought-out strategy. You can’t just come up with a communication plan in the midst of controlling the incident. Many countries, like The Netherlands and the US, have laws that require companies not to withhold information about breaches that involve customer data. When hackers are still active in your system, going public can, however, lead to them going rogue. So think twice before you sound the alarm.
IRT, development, management, the board, legal, police, local authorities and the government.
Survival Tip: Alert the authorities
Many companies undervalue the capacity of the authorities and the police. However, dedicated cybersecurity forces such as the Nationaal Cyber Security Centrum (NCSC) have undergone tremendous improvements in the last couple of years. Not only are you obliged to bring them in, but their value is not to be underestimated.
Step 4: Close the gate
Addressing the hack is, in the first instance, focus on mapping the scope of the hack, investigating what applications have been touched and what the potential damage could be. Afterwards, the priority quickly shifts towards closing the gate. Retracing what has happened is a tedious job, often requiring going through innumerable log entries. Designate a war room with a red phone (to the pizza place) and work with the IRT tirelessly until the breach is plugged. Expect to find that the breach originates from a while back: the number of days to identify a data breach averages from approximately 191 in 2017 to 197 days in 2018. Containing a breach takes on average, 69 days (Ponemon Institute 2018).
IRT, development, management, the board, authorities.
Survival Tip: Document events and findings
Document and log every action your IRT takes. This helps you build a strong case serving as evidence for involved authorities as well as a roadmap for development after this whole crisis is averted.
That’s it for now, stay tuned for the next blog containing more valuable information about surviving a cyber-attack and preventing the next. In the meantime, we suggest you read up on our other blogs (have you read the first blog in this series?), explore the website and/or download our brochure. Or leave us a contact request so we can get in touch with you. Cheers!