Posted by Chris Ripkey + Vito Nozza on Dec 21, 2021 10:00:00 AM
While the increased risk of cyber-attacks, further fueled by the pandemic, is in the news daily, too many organizations continue to lag in their planning and preparedness. There are countless stories of entities across the business and societal landscape, from big corporations to hospitals to schools, navigating data breaches and other forms of cyber-attacks that put their organizations, employees and stakeholders at risk. Cybercriminals are always looking for their next target and their tactics are continually evolving. The question is how to stay one step ahead or, at the very least, keep pace with best practices.
There are many steps and strategies to help your organization protect itself from cyber-attacks. These steps do not include waiting for a breach to occur before standing up an experienced incident response team. Nor do they include paying ransom to cybercriminals who have locked your drives and data. By submitting to a ransom demand, you are bolstering a criminal organization’s attack infrastructure, with no guarantee that your data or operations will be restored. Instead, organizations should focus on building a cyber-aware culture that works 24/7 to keep both information safe and employees on their guard against suspicious activity.
The intensity of the cybersecurity threat matrix is unlikely to diminish any time soon. Follow these steps to ensure your organization is more fully prepared:
Step 1: Make a plan and consistently run through all of its elements before a breach occurs
Being prepared is your first line of defense against criminal cyber activity. If you are waiting to create a comprehensive incident response plan and culture of preparation until after a cyber incident occurs, it’s already too late. These security protocols must be developed and tested well beforehand. Locking in the best plan for your organization includes ensuring that everyone understands the protocols in the event of a breach or ransomware attack, as well as their individual roles and responsibilities. An expert outside partner can help identify steps that will need to be taken, such as:
- Disconnecting WiFi and Bluetooth and unplugging storage devices.
- Determining the scope of the attack, i.e. shared drives / folders, network storage, USB, external storage, cloud-based storage, etc.
- Knowing your RPO (Recovery Point Objective), your backups and your firm’s RTO (Recovery Time Objective).
- Using Google to try to identify the version of ransomware being used against your organization, along with key insights about it or the attackers.
- Using the ransomware program’s announcement, try to determine whether your data or login credentials have been copied and, if so, how much and what.
- Checking your logs and any data loss prevention (DLP) tools to look for signs of stolen data. This includes spotting any large unauthorized archive files (e.g., zip or arc files) that contain data the hacker used for staging before they copied it. Also, look into any systems that might record large amounts of data being copied off the network, as well as malware, tools, and scripts that might have been used to look for and steal data.
- Lastly, if a cyberattacker tells you they have your data or credentials, believe them.
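As an added illustration of the log check described above (this is example code, not part of the original post or any vendor tool), the following script scans constructed file-creation events and network flow records for the two exfiltration signs the post names: large staging archives created by an unexpected account, and large volumes of data leaving the network from one host. The log layouts, size thresholds, internal address prefixes and the approved backup account are all assumptions for illustration.

```python
# Added triage example: flag candidate staging archives and bulk egress.
# Log formats, thresholds and address ranges below are assumptions.
from collections import defaultdict

ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".arc", ".tar", ".tar.gz")
ARCHIVE_MIN_BYTES = 500 * 1024 * 1024      # assumed: 500 MB counts as "large"
EGRESS_MIN_BYTES = 2 * 1024 * 1024 * 1024  # assumed: 2 GB out per host is notable
INTERNAL_PREFIXES = ("10.", "192.168.", "172.16.")  # assumed internal ranges

# Constructed file-creation events: timestamp host user path bytes
FILE_EVENTS = """\
2021-12-20T01:12:03Z FS01 svc_backup D:\\backups\\daily.zip 734003200
2021-12-20T02:40:19Z WS17 jdoe C:\\Users\\Public\\x1.7z 1879048192
2021-12-20T02:41:02Z WS17 jdoe C:\\Users\\Public\\x2.7z 1610612736
2021-12-20T09:05:44Z WS03 asmith C:\\Users\\asmith\\notes.zip 2048
"""

# Constructed flow records: timestamp src_ip dst_ip bytes_out
FLOW_RECORDS = """\
2021-12-20T02:50:00Z 192.168.5.17 203.0.113.9 1500000000
2021-12-20T03:10:00Z 192.168.5.17 203.0.113.9 1200000000
2021-12-20T03:30:00Z 192.168.5.17 192.168.5.2 900000000
2021-12-20T08:00:00Z 192.168.5.3 198.51.100.4 40000000
"""

def find_staging_archives(events, allowed_users=("svc_backup",)):
    """Return (host, user, path, size) for large archives not created by an
    approved backup account: candidates for attacker staging files."""
    hits = []
    for line in events.strip().splitlines():
        _ts, host, user, path, size = line.split()
        size = int(size)
        if (path.lower().endswith(ARCHIVE_EXTS) and size >= ARCHIVE_MIN_BYTES
                and user not in allowed_users):
            hits.append((host, user, path, size))
    return hits

def find_bulk_egress(flows):
    """Sum bytes each internal host sent to external destinations and return
    the hosts over the threshold, largest sender first."""
    totals = defaultdict(int)
    for line in flows.strip().splitlines():
        _ts, src, dst, nbytes = line.split()
        if src.startswith(INTERNAL_PREFIXES) and not dst.startswith(INTERNAL_PREFIXES):
            totals[src] += int(nbytes)
    over = [(h, b) for h, b in totals.items() if b >= EGRESS_MIN_BYTES]
    return sorted(over, key=lambda hb: -hb[1])

if __name__ == "__main__":
    for hit in find_staging_archives(FILE_EVENTS):
        print("staging archive:", hit)
    for host, total in find_bulk_egress(FLOW_RECORDS):
        print(f"bulk egress: {host} sent {total} bytes externally")
```

In the constructed data only the two archives written to a public folder by a regular user and the one workstation that pushed 2.7 GB to an external address are flagged; the backup account's nightly zip and internal-to-internal copies are not.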