So you've been hacked, now what?

gallery

To disclose or not to disclose?

One of the problems with disclosure is that there is a huge stigma and negative public reaction associated with computer security incidents according to Pilling. "Few people would blame the victim of an assault or a mugging for the crime, [whereas] computer crimes are generally seen as resulting from incompetence on the part of the victim organisation which leads to huge pressures for organisations to cover them up," he said.

This then prevents visibility of the real extent of the crime and in turn helps the criminals and hinders both law enforcement and network security staff. So the big question remains that when you know you've been hacked who do you need to tell?

Dimension Data's global head of security Neil Campbell used to be a computer crime investigator with the Australian police and doesn't think there is an easy 'one-size-fits-all' answer to that question.

However, Campbell does think that what is consistent is the need to plan disclosure processes beforehand that take into account your business's nature and situation.

"In the case of businesses that aren't bound by regulations to disclose, it's critical to know, before a security incident occurs, who is in charge of deciding if, when and how to disclose information about the breach," Campbell notes.

Giri Sivanesan, senior security consultant at risk management specialists Pentura think sit is more straightforward, suggesting that there are certain people and organisations that should be informed straight away.

"I would usually encourage organisations to notify law enforcement authorities of serious hacking incidents even when the incident is particularly sensitive," Sivanesan said.

"Once the attacks have been identified, contained and eradicated and systems are running without any hiccups, a decision should be made by the board on when to go public," Sivanesan added. "Going public before managing the situation may cause customers to panic and may even benefit competitors."

Damage limitation exercises

What about damage limitation in terms of branding and market position if the hack does become public? Preparation is the key if you want to minimise the amount of damage done to your organisation.

"If an organisation doesn't have incident management, business continuity and disaster recovery policies in place then it will become more difficult to minimise the damage caused," Sivanesan warned. By establishing and testing these policies and ensuring there are clear procedures and governance structures in place then responding to hacking incidents becomes much easier.

Sivanesan insists that "the faster you respond to and contain an attack then the less damage it will cause". Most organisations can expect to be attacked by hackers at some point, but by being proactive and ready for the attack beforehand usually reduces the impact attacks will have.

The same holds true when it comes to cleaning up after the attack. It stands to reason that if you know where your information systems and data were beforehand it will be easier to get back there quickly and without undue business interference.

"Backing up regularly will allow you to restore systems and information to an accurate level and with minimal downtime," Sivanesan said, "allowing you to get back to your baseline quickly".

Lessons learned?

Now that everything else has been accomplished, how and when should the 'what really went wrong here' investigation start and how can the lessons learned best be implemented?

Once again, Sivanesan has practical advice insisting that organisations must learn from their mistakes in order to manage the risks from hackers and minimise the impact hacking incidents cause.

"They must understand how the incident happened from the detection of the attack all the way through to the recovery," Sivanesan insists, concluding "how well they responded to the incident and what they should have done better are some of the key questions that need to be asked at a board level and pushed downwards."

Only by having the right knowledge of the risks and vulnerabilities, realising what assets must be protected and understanding the impact future incidents can have on the organisation financially and in terms of reputation, can your business move forward and come out of a hack attack stronger and better prepared should lightning strike twice.

Email to a friend

Print this page