Cybercrime. First Aid for Cyber Incidents

Cybercrime is a reality that every business - small, medium or large, publicly traded or not - must consider. And as is often the case, those who are well prepared have an edge.

"It's Saturday, 7:30. Your business is in weekend mode. Suddenly, you lose control of your network and computer systems. Cybercriminals have managed to get their hands on an administrator account. Your company has been hacked." This is how Catherine Van De Heyning (UAntwerpen and Artes) opens the Cyber Security Coalition's first cyber talk, held in collaboration with the FEB and Agoria.

Current events make it painfully clear again and again that cybercrime is a reality that every company - small, medium or large, listed or unlisted - must consider. And as is often the case, those who are well prepared have an edge.

The weakest link?

Preparing for a hack or other cyber incident involves technology, processes and people. Technology helps to avoid, detect and mitigate incidents. Processes help maintain control and oversight.

People (management, staff, clients, suppliers) are often portrayed as the weakest link in cybersecurity. And admittedly, a human act is often at the root of a successful hack. But a knowledgeable person can also make a positive difference. Therefore, make sure each person is aware of how he or she personally contributes to your company's cyber security. Emphasize the importance of strong passwords or, even better, two-factor authentication. Be sure to also inform people about phishing, and make sure there is no reluctance to report anomalies.

An incident response plan

A hack always comes unexpectedly and at a bad time. You can react quickly and appropriately when panic strikes only if you can follow the steps of a pre-developed plan. The outlines of such an incident response plan can be summarized as follows:

  • Identify the activities and resources you want to protect and the potential threats;
  • Map the damage your company must take into account: both the damage that your company itself may suffer (the cessation of activities, the loss of information, reputation ...) and the damage that third parties may incur (liabilities) are important here;
  • Check whether your company is subject to a reporting requirement. The General Data Protection Regulation (GDPR) and Network and Information Security (NIS) legislation in certain cases require you to report a cyber incident to the authorities as soon as possible;
  • List the responsibilities in the context of an incident and assign them to specific individuals. They will be your incident response team in case of a cyber attack;
  • Identify and contact the external experts whose help you will need in the context of a cyber incident. Consider not only technical experts, but also legal experts, for example;
  • Prepare a communication strategy, both for internal stakeholders and for governments, customers and media;
  • Cyber insurance to cover the residual risk is increasingly not a luxury.

In conclusion, a good plan is a tested plan!

Need inspiration for your company's incident response plan? A lot of information is available for free on the Internet. For example, take a look at the Cyber Security Coalition's Guide to Incident Management, SANS Institute's Incident handbook or NIST's Contingency Planning Guide.

Hacked, now what?

If your company is actually hacked, activate your incident response plan as soon as possible. The first steps will always be to convene your incident response team and get the best possible picture of what is going on. The next step is to get the incident under control. Finally, elimination of the incident and remediation of your systems can be initiated.

To pay or not to pay?

One of the most common cyber incidents today is ransomware. Consequently, one of the most frequently asked questions when dealing with a cyber incident is whether or not a company should pay the requested ransom. As stated in a previous article on this subject, paying the ransom is not recommended. After all, you are not 100% sure that you will get your information back, and you are also sponsoring the cyber criminals' next attack. Thus, it is better to recover your files from a backup or with a decryption tool. However, in some cases, none of these solutions will help.
