In-depth

So you've been hacked, now what?

The statistics would seem to suggest that it is less a matter of if and more a matter of when your enterprise will fall victim to a hack attack of some kind. Once you've been hacked, then what?

According to the latest global State of Enterprise Security study from Symantec, some 75 per cent of organisations have experienced cyber attacks in the past year, at an average cost of more than 1 million over the course of the year for each hacked business.

If that were not shocking enough, the same study reveals that 100 per cent of the enterprises questioned admitted to some form of 'cyber loss' last year.

This comes as no great surprise to Keith Crosley, a director at security vendor Proofpoint, following its own study of the data loss risk to large enterprises of more than 1,000 employees.

Crosley told IT PRO that of the 220 companies taking part, 27.4 per cent had been impacted by the improper exposure or loss of intellectual property in the last year, 32.8 per cent by that of customer information and, perhaps most worryingly, 33.8 per cent by that of sensitive data.


So let's start at the very beginning. The fateful day your business discovers it has been hacked. What should you do and in what order?

Rafe Pilling, an information assurance consultant at SecureWorks, recommends that the very first task needs to be attempting to quantify the extent and impact of the compromise, without which it's almost impossible to determine what follow-up activity needs to take place or the priorities to be assigned to this To Do list.

"From an early stage, consideration should be given as to whether the business simply wants to restore a service or perform an investigation that yields evidence that could be presented in court," Pilling told IT PRO, adding "it's best to involve incident response experts early on as they can advise on how to verify the incident, restore service and collect the data in a forensically sound manner that can later be investigated and used as evidence".

The incident management process

As Neil O'Connor, principal consultant at independent IT security consultancy Activity IM, says, this means invoking your incident management process.

This should define what to do next, in particular: who to involve, how to grade the seriousness of the attack and how far to escalate the incident.

"The first stage in the incident management process should be to decide if you actually have been hacked," O'Connor said. A false positive from an intrusion detection system or anti-virus software should, of course, be ruled out.

"Assuming that you have been hacked," O'Connor continues, "you need to assess the seriousness of the incident, and in particular if any information has been compromised."

This step is somewhat easier if you have undertaken forensic readiness planning beforehand and are aware of what data is held in what location.

Your incident management process should define levels of seriousness and escalation, and if there has been a potentially serious breach then your crisis management plan should be invoked.

This will involve "functions such as marketing and PR as well as senior executives in deciding who to inform, what to say and what assurances to give, as well as what internal briefings to give," O'Connor recommends. Ah yes, the dreaded 'D' word: disclosure.
