You’ve Been Hacked - Now What?
In recent years, security incidents have become an increasingly common part of digital life. According to recent reports, there is a hacker attack on average every 39 seconds and a whopping 43% of these attacks target small businesses. By 2020, the average cost of a data breach will exceed $150 million, and there will be a massive 200 billion connected devices for hackers to attack.
Thanks to the rapid adaptation of hacking tactics, it’s become increasingly challenging to avoid cyber attacks. Fortunately, being hacked does not have to be the end of the world. In our recent expert panel, we brought together a panel of experts to discuss the modern digital security environment, and what you can do if you get hacked.
Let’s dive in.
The Current State of Digital Security
Global spending on cybersecurity is supposed to increase to about $6 trillion by 2021. Despite this, about 77% of organizations do not have any form of Cybersecurity Incident Response Plan. As a result, an estimated 54% of companies say they’ve experienced at least one attack in the last 12 months.
To get a more in-depth understanding of this, we polled our webinar attendees during our recent expert panel. We asked how many organizations have experienced a security incident in the last 12 months. Of the respondents, 41% answered “yes,” and 50% said “no.”
As you can see, cybersecurity attacks have become increasingly common among companies of all sizes. While learning to avoid an attack is critical, learning to respond to one is also a significant consideration.
The Top Security Threats Facing Companies Today
It can be overwhelming to think about the security environment on the web today. Here’s how Kevin Walsh, a 23-year veteran of the Secret Service and leader of the service’s Electronic Crimes Task Force, has to say about the cybersecurity challenges facing companies today:
“I'll start with what we call the business email compromise or the ‘man in the middle.’ We see increased attacks from this vector. It's been very profitable. There's been over $12 billion in fraud over the last five years with this type of attack, which is closely related to phishing. Ransomware has also been in the news recently. We've seen some more targeted attacks from the ransomware. We've also seen an increase in demand, but I think one of the most significant risks is supply chain attacks. We have noticed a rise in that vector of supply chain attacks. Now, with mergers and acquisitions and more things moving to the cloud and being outsourced, it is the fastest-growing vector.
To round out the picture, Johnny Lee, Principal at Grant Thornton where he leads a practice called the Forensics Technology Services Group, responded:
“We see a lot of ransomware, and we're seeing a lot of simple forgeries and imposters inserting themselves into a transaction. I think the perspective I would offer there is that as an analog in the human resources arena, right? The reason we do 360-degree reviews is that we're trying to get a perspective that we don't always see or hear about. I think cybersecurity is quickly becoming an arena where that same mentality applies. Two very traditional internal controls structures like supply chain, like procurement, like accounts payable. The reason being that you have, through technology, inflection points that didn't use to exist, right? If you were going to commit fraud in a traditional AP environment, you would have to printed document masquerade as someone else physically show up somewhere and socially engineer them. Now you can do all that from a desktop on the other side of the world with just a few clicks and a little bit of subtlety. So it's not just the inception of the process and the culmination of the process where the controls need to be strong. It's at every touch point along the way.”
Should Your Company Ever Pay a Ransom?
Several of our panelists mentioned ransomware. According to UC Berkeley's Information Security Office:
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The payment demanded from individuals varies greatly but is frequently $200–$400 and must be paid in virtual currency, such as Bitcoin.
One question many companies have is this: “If we are attacked by ransomware, should we pay the ransom to get our files back?” The answer, as it turns out, is complex. According to John Lee, it depends on policy. As a matter of public policy, paying ransoms is a bad idea, as it encourages bad actors to continue with their bad behavior. As a practical matter, though, paying ransoms may be the only way a company can continue operating. This is especially true for companies that don’t have sufficient backups or the ability to restore specific key data. These companies may have no choice but to pay a ransom.
Kevin Walsh, meanwhile, provided us with the stance the Federal Government takes around paying ransoms:
“We do not encourage you to pay the ransom at all. The government will never say that you should pay the ransom...you're not sure who you're dealing with. You're not sure if you're going to get your data back. You're not sure if the decryptor is even going to work. In addition, the more people that pay the ransoms, the more this becomes a profitable crime. We've also seen recent ransom amounts go higher and higher. There were cases in Florida for very targeted specific attacks, and now with higher and higher dollar amount ransoms being paid, you're going to see an increase in the demands as well. And we have seen the same thing. Once a company has demonstrated that they are committed to paying the ransom, they are often targeted and revictimized...we understand it's a business decision, but hopefully, the preparation is on the front side instead of paying for it on the backside.”
5 Tips to Respond to Hacking Attacks
As you can see, recovering from a hacking attack can be expensive, complicated, and time-consuming. With that in mind, it’s smart for companies to prepare on the front end, rather than merely responding once the attack happens. If a hacking attack catches you unaware, here are five response tips:
1. Follow a communication plan.
Figuring out who to inform after a hacking attack is critical. What does the attack mean? Who should you tell? How do you tell them? When do you tell them? Implement a communication plan before the hacking attack occurs to carry it out once the attack takes place.
2. Secure IT systems.
As soon as you realize the breach, secure your IT systems to limit the scope of the attack.
3. Launch backups.
Hopefully, you’ve developed a good crash plan for your website. Now is the time to launch that crash plan and deploy your backups to protect your data from further harm.
4. Notify authorities.
Let the authorities know about the cyber attack on your organization. This will help protect your customers and make a record of the attack so that authorities can respond.
5. Create redundancy in your data.
This is a critical part of data security and protecting your assets. Data redundancy is a condition created within a database or data storage technology where the same piece of data is held in two separate places.
Is Your Organization Ready?
When it comes to hacking attacks, an ounce of prevention is worth a pound of cure. In the words of Johnny Lee, “Cybersecurity is no longer an IT problem. It's a business concern.” With this in mind, it’s wise to take steps to protect your company against hacking attacks before they happen. This includes things like putting a preparedness plan in place, understanding your insurance, and making a plan to recover from an attack that does happen. While it requires some investment on the front end, it’s critical to protect your company and customers.
It's time to get prepared for your next cyber breach. Schedule a call below to learn more about Apptega.