You’ve Been Hacked - Now What?
In recent years, security incidents have become an increasingly common part of digital life. According to recent reports, there is a hacker attack on average every 39 seconds and a whopping 43% of these attacks target small businesses. By 2020, the average cost of a data breach will exceed $150 million, and there will be a massive 200 billion connected devices for hackers to attack.
Thanks to the rapid adaptation of hacking tactics, it’s become increasingly challenging to avoid cyber attacks. Fortunately, being hacked does not have to be the end of the world. In our recent expert panel, we brought together a panel of experts to discuss the modern digital security environment, and what you can do if you get hacked.
Let’s dive in.
The Current State of Digital Security
Global spending on cybersecurity is supposed to increase to about $6 trillion by 2021. Despite this, about 77% of organizations do not have any form of Cybersecurity Incident Response Plan. As a result, an estimated 54% of companies say they’ve experienced at least one attack in the last 12 months.
To get a more in-depth understanding of this, we polled our webinar attendees during our recent expert panel. We asked how many organizations have experienced a security incident in the last 12 months. Of the respondents, 41% answered “yes,” and 50% said “no.”
As you can see, cybersecurity attacks have become increasingly common among companies of all sizes. While learning to avoid an attack is critical, learning to respond to one is also a significant consideration.
How Will You Know if You’ve Been Hacked?
Today, security breaches come in all shapes and sizes. Because of this, it can be tough to know you’ve been hacked. Fortunately, you can identify hacks by looking for the following signs:
A Ransomware Notice
This is one of the most obvious indications that your company is under attack. If you receive a ransomware notice or experience a complete system shut-down, you can bet hackers have infiltrated your system.
Depending on who hacked your system, the ransomware notice can come in a few different formats. Typically, the hackers will ask for a ransom. When you pay it, they’ll provide the key you need to unlock your system. If you don’t want to pay the ransom, you can overhaul your network using data backups, so hopefully, you have those.
Strange Account Activity
Hackers know how the human brain works, and they’re not afraid to exploit it. For example, they understand that a company’s employees are likely to trust communications form its higher-ups. Because of this, hackers may establish phishing campaigns originating from executive accounts and targeting the rest of the company. While this activity can be challenging to spot, the best option is to train employees to recognize strange behavior and report it immediately. “When it doubt, call it out” is an excellent policy.
Odd Network Activity
No matter how sneaky an attack is, there will be some bread crumbs left behind. Things like sudden spikes in outbound DNS traffic, the sudden appearance of large, unknown files, and other glitches are all sure signs of a hack.
The Top Security Threats Facing Companies Today
It can be overwhelming to think about the security environment on the web today. Here’s how Kevin Walsh, a 23-year veteran of the Secret Service and leader of the service’s Electronic Crimes Task Force, has to say about the cybersecurity challenges facing companies today:
“I'll start with what we call the business email compromise or the ‘man in the middle.’ We see increased attacks from this vector. It's been very profitable. There's been over $12 billion in fraud over the last five years with this type of attack, which is closely related to phishing. Ransomware has also been in the news recently. We've seen some more targeted attacks from the ransomware. We've also seen an increase in demand, but I think one of the most significant risks is supply chain attacks. We have noticed a rise in that vector of supply chain attacks. Now, with mergers and acquisitions and more things moving to the cloud and being outsourced, it is the fastest-growing vector.
To round out the picture, Johnny Lee, Principal at Grant Thornton where he leads a practice called the Forensics Technology Services Group, responded:
“We see a lot of ransomware, and we're seeing a lot of simple forgeries and imposters inserting themselves into a transaction. I think the perspective I would offer there is that as an analog in the human resources arena, right? The reason we do 360-degree reviews is that we're trying to get a perspective that we don't always see or hear about. I think cybersecurity is quickly becoming an arena where that same mentality applies. Two very traditional internal controls structures like supply chain, like procurement, like accounts payable. The reason being that you have, through technology, inflection points that didn't use to exist, right? If you were going to commit fraud in a traditional AP environment, you would have to printed document masquerade as someone else physically show up somewhere and socially engineer them. Now you can do all that from a desktop on the other side of the world with just a few clicks and a little bit of subtlety. So it's not just the inception of the process and the culmination of the process where the controls need to be strong. It's at every touch point along the way.”
Should Your Company Ever Pay a Ransom?
Several of our panelists mentioned ransomware. According to UC Berkeley's Information Security Office:
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The payment demanded from individuals varies greatly but is frequently $200–$400 and must be paid in virtual currency, such as Bitcoin.
One question many companies have is this: “If we are attacked by ransomware, should we pay the ransom to get our files back?” The answer, as it turns out, is complex. According to John Lee, it depends on policy. As a matter of public policy, paying ransoms is a bad idea, as it encourages bad actors to continue with their bad behavior. As a practical matter, though, paying ransoms may be the only way a company can continue operating. This is especially true for companies that don’t have sufficient backups or the ability to restore specific key data. These companies may have no choice but to pay a ransom.
Kevin Walsh, meanwhile, provided us with the stance the Federal Government takes around paying ransoms:
“We do not encourage you to pay the ransom at all. The government will never say that you should pay the ransom...you're not sure who you're dealing with. You're not sure if you're going to get your data back. You're not sure if the decryptor is even going to work. In addition, the more people that pay the ransoms, the more this becomes a profitable crime. We've also seen recent ransom amounts go higher and higher. There were cases in Florida for very targeted specific attacks, and now with higher and higher dollar amount ransoms being paid, you're going to see an increase in the demands as well. And we have seen the same thing. Once a company has demonstrated that they are committed to paying the ransom, they are often targeted and revictimized...we understand it's a business decision, but hopefully, the preparation is on the front side instead of paying for it on the backside.”
5 Tips to Respond to Hacking Attacks
As you can see, recovering from a hacking attack can be expensive, complicated, and time-consuming. With that in mind, it’s smart for companies to prepare on the front end, rather than merely responding once the attack happens. If a hacking attack catches you unaware, here are five response tips:
1. Follow a communication plan.
Figuring out who to inform after a hacking attack is critical. What does the attack mean? Who should you tell? How do you tell them? When do you tell them? Implement a communication plan before the hacking attack occurs to carry it out once the attack takes place.
2. Secure IT systems.
As soon as you realize the breach, secure your IT systems to limit the scope of the attack.
3. Launch backups.
Hopefully, you’ve developed a good crash plan for your website. Now is the time to launch that crash plan and deploy your backups to protect your data from further harm.
4. Notify authorities.
Let the authorities know about the cyber attack on your organization. This will help protect your customers and make a record of the attack so that authorities can respond.
5. Create redundancy in your data.
This is a critical part of data security and protecting your assets. Data redundancy is a condition created within a database or data storage technology where the same piece of data is held in two separate places.
The 5 Don’ts of Responding to a Cyber Attack
Just like there are many Dos for responding to a cyber attack, there are a few things you should not do. They include the following:
1. Don’t turn off computers.
Some people think that they’ll be able to contain the attack by turning off the affected computers. Unfortunately, this doesn’t contain the attack, and it only makes it harder for you to monitor its progress if it’s still ongoing. Instead, create real-time visibility and track the attackers accordingly.
2. Don’t obsess over the root cause right away.
The same goes for assigning blame. While it's essential to identify the weak link eventually, focusing too much on it now will only impede your ability to respond. Have your audit team worry about those things later, so you can devote your time to containing the attack now.
3. Don’t require everyone to report back.
Requiring individualized, constant reporting from all team members is overwhelming and ineffective. Instead, designate a few team members who can bring top management up to speed each day, and let everyone else work to get everything back to normal.
4. Don’t get frantic and allocate your whole cybersecurity budget to prevention.
While this may seem wise, it will leave you vulnerable if hackers do manage to get through your defenses, which - given their continually increasing skills and capabilities - is very likely. Instead, invest in mechanisms that will help you identify and stop attacks and clean up your operations after the fact. Part of your budget should also go toward raising awareness about cyberattacks, as it is your team that ultimately decides how successful you will be at mitigating the attack. Education is everything and can save you thousands in the long run.
5. Don’t let your guard down after an initial attack.
Some companies come through one attack, update their security and prevention measures, and then assume that they're safe from further attacks down the road - or at least better-protected. While this may be true, you can’t ever afford to let your guard down. Instead, carry on with your cybersecurity as if outside threats are continually attacking you.
Is Your Organization Ready?
When it comes to hacking attacks, an ounce of prevention is worth a pound of cure. In the words of Johnny Lee, “Cybersecurity is no longer an IT problem. It's a business concern.” With this in mind, it’s wise to take steps to protect your company against hacking attacks before they happen. This includes things like putting a preparedness plan in place, understanding your insurance, and making a plan to recover from an attack that does happen. While it requires some investment on the front end, it’s critical to protect your company and customers.