Cyber attacks happen daily, yet most businesses aren’t ready for them. Recent cybersecurity statistics show that 54% of companies are unprepared to recover from today’s cyber attacks. The reason is simple: most organizational leaders don’t think it will happen to them.
But the truth is, any business is a target, and the stakes are high, especially now that we live in the “golden age” for cybercriminals and hackers. A successful cyberattack can cost a company millions of dollars, damage its reputation, and even put lives at risk. The average cost of a data breach in 2022 is $4.35 million. This doesn’t even account for the criminal charges that can follow a cover-up, like those affecting Uber’s former Chief Security Officer.
Scope the Breach: Will You Require Outside Help?
Because security breaches are more or less inevitable, your biggest worry should be how to survive a cyber attack. The first step in this process is scoping the damage.
Determine the extent of the damage and whether you can manage it internally. If not, start inquiring about outside help.
Questions to Ask Yourself:
Are systems impacted? How many?
Are users impacted? How many?
Is data compromised? What types?
Is the data encrypted?
These first reactive steps consist of asking questions so that you can analyze the incident and identify all the damage. However, you can be proactive, too.
Have a Cyber Incident Response Plan
It takes an average of 207 days to identify a cyber incident. You should have a plan for how you will respond when the incident finally occurs. Design the plan to help you contain the damage, limit the exposure of sensitive data, and restore normal operations as quickly as possible.
In addition, consider following established best practices for incident response, such as those set out under GDPR or NYDFS. Doing so increases your chances of surviving a cyber attack. Here is an overview of each framework.
GDPR Cybersecurity Requirements
The General Data Protection Regulation (GDPR) is a set of regulations that apply to any company that processes the personal data of EU citizens, regardless of where the company is located.
Under GDPR incident response guidelines, your company must notify the relevant supervisory authority about an attack within 72 hours of learning about it. If you send the notification later than 72 hours, you should have a good reason for the delay.
The notification should contain details about the incident, the data involved, and the number of people affected. It should also include the contact information of someone within the company who can provide more details.
Your notification should also indicate the likely impacts of the security breach and how you plan to contain its negative effects. If you can’t gather all this information at once, the GDPR dictates that you provide it in stages.
If the incident puts anyone at high risk, your company should notify the victims as soon as possible. An incident is high risk if it could lead to economic and social disadvantages, such as identity theft, which happens every 22 seconds.
NYDFS Cybersecurity Requirements
The New York Department of Financial Services (NYDFS) has released its own set of regulations for financial institutions licensed by the State of New York whose assets exceed $8.8 trillion. The institutions include insurance companies, banks, credit rating agencies, virtual currency companies, and credit unions.
The guidelines require all covered entities to send a notification to the superintendent within 72 hours of a cybersecurity event. NYDFS defines cybersecurity events as acts that target or infiltrate information systems or their stored data.
Your organization must report such attempts, even if unsuccessful, provided that unauthorized access to the systems could disrupt and misuse information.
Send a notification if the event is likely to disrupt your normal operations. Report the same to a government body or any other supervisory body.
NYDFS insists on reporting unsuccessful attempts because they raise serious concerns. Reporting such events is especially necessary if they are not routine. However, it is your responsibility to judge which unsuccessful attacks are serious enough to report and which are not.
How to Recover from a Cyber Attack
Once you’ve dealt with the initial fallout and implemented the appropriate response plan, you should focus on how to recover from the cyber attack. This includes figuring out what happened, how to prevent it from happening again, and how to restore any lost data.
The first step is to assess the damage. Your IT team should account for anything lost or destroyed, the affected systems, and the duration of the attack. This information will help you determine the extent of the damage and what your company should do to fix it.
Next, you need to determine how the attack happened. Focus on tracing the source of the attack and identifying any exploited vulnerabilities.
Once you know how the attack happened, you can take steps to prevent it from happening again. For example, if the attack was due to a phishing email, you can implement better email filtering rules or give employees training on how to identify phishing emails.
Finally, you need to restore any lost data. This may require working with third-party data recovery services, depending on the extent of the damage.
After recovering your data, you should put in place better backup and disaster recovery protocols to prevent data loss in the future. Depending on the extent of the damage, the recovery process takes an average of two to four weeks, but can take longer.
Prepare Yourself to Survive a Cyber Attack
Cyber attacks are a serious threat to businesses of all sizes. However, knowing how to survive a cyber attack helps minimize damage and get your business up and running again. Follow the steps outlined above to ensure that you are prepared for a cyber attack and know how to recover from one.