The world will suffer $10.5 trillion from cybercrime annually by 2025, according to Cybersecurity Ventures—a leading researcher for the global cyber economy. The estimates were $3 trillion in 2015. Along the lines of cybercrimes, the Verizon 2019 Data Breach Investigations Report claims that hacking involves 52% of breaches. Presently, with the emergence of COVID-19, the pace has accelerated for businesses toward online channels, and so have the chances of falling prey to hackers increased for companies. Thus, the question pops up how to act when your company is hacked. To answer your query, we will see a step-by-step guide in this article.
However, before we move the actual steps that a company should take when hacked, let's have a look at some myths or misconceptions that swirl around cyber incidents:
- Since our systems are working, we have not been hacked.
- According to our IT department, we have never been hacked.
- Antivirus or cybersecurity software is sufficient.
- Complex and long passwords cannot be hacked.
- Mainstream websites are secured to visit.
Without question, these misconceptions may lead your company to a disastrous cyber incident. That's why the first step is to improve your understanding, invest in cybersecurity, and ensure that you are safe in every situation regarding cyber incidents. But then again, if your company has been hacked in some way, then follow the steps given below.
Keep Calm In The Face Of Getting Hacked
Realizing that the bad guys have compromised the enterprise can cause panic. But the impulsive reaction can lead to more harm than good. Instead, the company needs to adopt a proactive and measured response. Meanwhile, the investigative team should avoid rushing to erase or modify any logs. At a later stage, investigators may be required to produce these records in a court of law.
Set Up an Incident Response Team
How quickly a response comes to a breach from a company significantly impacts the recovery time. Taking no action escalates damage every day. Consequently, when dealing with a security breach, you need to involve the incident response team as soon as possible. At the same time, it is that team that works as your first responders on your behalf. Remember that at the initial stage, protecting the data of your customers is the main aim for them.
Having a Crisis Communications Plan for Customers and Employees
It is the legal duty of a company to inform people when it confirms a breach. There may have exceptions when law enforcement authorities are involved with the investigation. Essentially, the requirements depend on the regulation and compliance laws of a specific country. It is worth noting to avoid overacting and unveiling too much information when communicating about the breach with customers and employees. You require to adopt a communication strategy that is contingent on facts. In turn, your customers will also become empathetic towards your company.
Engage Law Enforcement, don't pay the ransom!
Your company has to contact law enforcement agencies whenever a major breach takes place. Hiding an attack out of embarrassment and guilt only encourages ransomware thieves to continue harming you. E.g., here are a few authorities to contact in case a company is based in the U.S.
The Federal Bureau of Investigation (FBI)
The U.S. Immigration and Customs Enforcement (ICE)
The U.S. Secret Service (USSS)
State and Local law enforcement
The District Attorney
If your company is based in Italy, contact polizia postale (postal and telecommunications police).
Learn from the Breach
It is imperative to develop organizational processes to learn from breaches. It is because cybersecurity breaches have begun to become a way of life. Given that bad guys again attempt to breach your company in the future, it will help you better handle the incident. Accordingly, documenting all mistakes is an excellent way to achieve the objective. Another action you can take is educating the employees to keep passwords secure, update antivirus protection and click on unsafe links.
Prevent the next cyber attack
Do you want to overcome flaws that can get exploited by external actors? A vulnerability assessment and an on-going Bug Bounty Security Program can help you go a long way. While a vulnerability assessment helps detect and quantify known security flaws in an environment, penetration testing simulates the actions of an external actor to gain access to sensitive data. Along the same lines, a service that allows continuous assessment testing and penetration testing refers to WhiteJar, the first community of ethical hackers in Italy.
This service by AppQuality is the ideal player to entrust with the management of System Vulnerability Research Campaigns, as it offers an innovative service that provides immediate access to a vast network of Ethical Hacking professionals, ready to identify problems and propose effective remediation solutions.