So you've been hacked, now what?

The statistics would seem to suggest that it is less a matter of if and more a matter of when your enterprise will fall victim to a hack attack of some kind. Once you've been hacked, then what?

According to the latest global State of Enterprise Security study from Symantec, some 75 per cent of organisations have experienced cyber attacks in the past year, at an average cost of more than 1 million over the course of the year for each hacked business.

If that were not shocking enough, the same study reveals that 100 per cent of the enterprises questioned admitted to some form of 'cyber loss' last year.

This comes as no great surprise to Keith Crosley, a director at security vendor Proofpoint, following its own study of the data loss risk to large enterprises of more than 1,000 employees.

Crosley told IT PRO that of the 220 companies taking part, 27.4 per cent had been impacted by the improper exposure or loss of intellectual property in the last year, 32.8 per cent regarding customer information and perhaps most worryingly 33.8 per cent when it came to sensitive data.

So let's start at the very beginning. The fateful day your business discovers it has been hacked. What should you do and in what order?

Rafe Pilling, an information assurance consultant at SecureWorks, recommends that the very first task needs to be attempting to quantify the extent and impact of the compromise, without which it's almost impossible to determine what follow-up activity needs to take place or the priorities to be assigned to this To Do list.

"From an early stage, consideration should be given as to whether the business simply wants to restore a service or perform an investigation that yields evidence that could be presented in court," Pilling told IT PRO, adding "it's best to involve incident response experts early on as they can advise on how to verify the incident, restore service and collect the data in a forensically sound manner that can later be investigated and used as evidence".

The incident management process

As Neil O'Connor, principal consultant at independent IT security consultancy Activity IM, says, this means invoking your incident management process.

This should define what to do next, in particular: who to involve, how to grade the seriousness of the attack and how far to escalate the incident.

"The first stage in the incident management process should be to decide if you actually have been hacked," O'Connor said. A false positive from an intrusion detection system or anti-virus software should, of course, be ruled out.

"Assuming that you have been hacked," O'Connor continues, "you need to assess the seriousness of the incident, and in particular if any information has been compromised."

This step is somewhat easier if you have undertaken forensic readiness planning beforehand and are aware of what data is held in what location.

Your incident management process should define levels of seriousness and escalation, and if there has been a potentially serious breach then your crisis management plan should be invoked.

This will involve "functions such as marketing and PR as well as senior executives in deciding who to inform, what to say and what assurances to give, as well as what internal briefings to give," O'Connor recommends. Ah yes, the dreaded 'D' word: disclosure.
