Janus Associates Blog - Bringing You Cybersecutity Industrty News and Threat Reports

What to Do If Your Business Has Suffered a Cyber Attack

Written by Janus Associates | Jun 10, 2021 3:17:29 PM

If you've been following the news at all lately, you know that cybersecurity is more important now than ever. Devastating cyber attacks continue to increase in frequency and severity. 

Maintaining proper cyber hygiene is vital, as failure to do so could lead to disastrous losses for any organization. In response to the escalating cyber threats, federal and state governments are taking action and have proposed mandatory requirements for multiple business sectors.

In the latest reports for 2023:

  • Small businesses usually spend less than $500 on cyber security.
  • 64% of companies have experienced at least one form of a cyber attack.
  • Ransomware accounts for 24% of malicious cyberattacks.
  • Instances of ransomware attacks surged by a staggering 128.17% from 2022 to 2023.
  • Over 75% of cyber attacks start with a scam email.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • In 2022, cyber insurance premiums in the United States surged by 50%, reaching a total of 7.2 billion dollars in collected premiums.

In light of successful cyberattacks on multiple governments and corporations, it begs the question - what can the rest of us do? The answer lies in prevention and planning.

In the event of an attack, there are practical steps your organization can take to mitigate the impact. Let's delve into these crucial measures.

What To Do After A Cyber Attack

You might not have advanced technical skills or know much beyond basic Google searches, and that's perfectly okay. However, if you're managing a business and suspect it has fallen victim to a cyberattack, it's critical to understand that sensitive data could have been compromised during the breach. Taking immediate steps to minimize the impact and prevent future incidents is paramount.

1. Investigate Immediately

Believe it or not, the average company will take 197 days to even notice that a data breach has occurred. Think that's bad? It takes them an average of 68 days to contain it. Don't be the average. Take action immediately to mitigate the damage.

The first step is to confirm that the breach happened as soon as possible, and then find out how it happened and what information was accessed.

2. Document Everything

Document everything that happened in the cyberattack.

  • When it took place
  • How it affected your business
  • What information was stolen
  • If a ransom was demanded
  • The type of attack that occurred
  • If any employees were contacted or involved with the attack along with their contact information

If applicable, report it to the police and any relevant agency, such as the Department of Homeland Security (DHS) or the FBI Internet Crime Complaint Center.

Consider enlisting the expertise of an IT forensics team to aid in gathering essential information and resolving the matter. Providing them with as much detail as possible upfront will optimize their efficiency and lead to more effective and budget-friendly outcomes.

 

3. Contact The Right Authorities

In May of 2021, President Biden signed an executive order on cybersecurity after the Colonial Pipeline incident (along with others). Other than the enhanced cybersecurity features, what's most important to know is the expected protocol for businesses after they are attacked.

Part of the order aimed to improve investigative and remediation capabilities. Inadequate logging harms an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact, so make certain that your system logs are turned on and set to retain data for at least 30 days. 60, 90, or 120 days is even better.

As of 2023, publicly traded companies must report IT system hacks to the government and disclose cybersecurity risk governance in public filings, per new SEC regulations. You can find the details of that document outlined here.

4. Disclose The Event

If your company is holding customer data, such as credit card, contact, personal identity information, or personal health information, then you are required to report the incident to the authorities.

Each state has specific requirements, and you may be subject to multiple state disclosures based on what you store data, where your physical locations are, and whether that information is multi-state, if the information you store is health-related, you will need to file with the federal government.

Click here for further information, or click here to see the individual requirements for all 50 states.

You should have your disclosure statement reviewed by an attorney. Depending upon the size of your organization and the size of the breach, you may want to work with a public relations firm before releasing it to minimize reputational damage to your organization but keep in mind that there are legal and compliance timers running related to releasing information.

Be sure to inform your customers promptly and provide them with a clear outline of what the company intends to do about the situation. This proactive approach not only helps in managing the fallout but also fosters trust and loyalty among customers. The goal should be to avoid a scenario where the affected individuals learn about the breach from external sources (like the media) before you notify them. 

How To Avoid Future Attacks

Just because it already happened doesn't mean it can't happen again. Cybercrimes are very common, and many criminals who got away with it once will try it again, especially if you haven't improved your security.

In the realm of cyber security, learning from past errors is always important. Taking proactive measures to prevent breaches is far more effective than seeking solutions after the damage is done. As of 2023, it has been reported that the global average cost of a data breach is 4.45 million dollars, a 15% increase since 2020. The US average comes in even higher at 9.48 million dollars, sitting at one of the most targeted countries worldwide for data breaches.

1. Have A Plan

Not a lot of businesses have plans in place for cyber-attacks, but they really should. Also, having a comprehensive disaster recovery plan and business resilience plan (BRP) is the best way to restore your operations quickly and move forward after a successful attack. You have protocols for everything else, and you absolutely need to have plans in place for cyber-attacks.

2. Update Company Policies and Procedure

Simple steps like mandating new and strong passwords for employees every 3 to 6 months can go a long way to improving your company's digital hygiene. Make sure your WiFi is secure, that company emails stay on a secure network, and that you're scanning for malware regularly. Small moves can add up to big gains.

3. Improve Your Security

Your investigation in the aftermath of a breach will likely uncover additional steps necessary to enhance your cyber security practices. The right can improve your company's cyber security from every angle, putting you in a much better position to avoid future attacks, and limiting the damage should one occur.

Get Help FROM JANUS Today

As the nation’s first and oldest independent IT Security consultancy, JANUS is a company founded on the principles of leading the way. Our mission is dedicated to improving the information security of our clients, and society at large. In business since 1988, JANUS offers a full range of high-quality cyber security, privacy, and regulatory compliance services at affordable costs. Organizations seek us out to assist them with improving their cybersecurity, compliance, and privacy programs. View Our Cyber Security Solutions here or contact us today.