In-depth

So you've been hacked, now what?

The statistics would seem to suggest that it is less a matter of if and more when your enterprise will fall victim to a hack attack of some kind. Once you've been hacked, then what?

According to the latest global State of Enterprise Security study from Symantec, some 75 per cent of organisations have experienced cyber attacks in the past year, at an average cost of more than 1 million over the course of the year for each hacked business.

If that were not shocking enough, the same study reveals that 100 per cent of the enterprises questioned admitted to some form of 'cyber loss' last year.

Advertisement - Article continues below

This comes as no great surprise to Keith Crosley, a director at security vendor Proofpoint following its own study of the data loss risk to large enterprises of more than 1,000 employees.

Crosley told IT PRO that of the 220 companies taking part, 27.4 per cent had been impacted by the improper exposure or loss of intellectual property in the last year, 32.8 per cent regarding customer information and perhaps most worryingly 33.8 per cent when it came to sensitive data.

So you've been hacked, now what?

So let's start at the very beginning. The fateful day your business discovers it has been hacked. What should you do and in what order?

Rafe Pilling, an information assurance consultant at SecureWorks, recommends that the very first task needs to be attempting to quantify the extent and impact of the compromise, without which it's almost impossible to determine what follow-up activity needs to take place or the priorities to be assigned to this To Do list.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"From an early stage, consideration should be given as to whether the business simply wants to restore a service or perform an investigation that yields evidence that could be presented in court," Pilling told IT PRO, adding "it's best to involve incident response experts early on as they can advise on how to verify the incident, restore service and collect the data in a forensically sound manner that can later be investigated and used as evidence".

The incident management process

As Neil O'Connor, principal consultant at independent IT security consultancy Activity IM says, this means invoking your incident management process.

This should define what to do next, in particular: who to involve, how to grade the seriousness of the attack and how far to escalate the incident.

"The first stage in the incident management process should be to decide if you actually have been hacked," O'Connor said. A false positive from an intrusion detection system or anti-virus software should, of course, be ruled out.

Advertisement - Article continues below

"Assuming that you have been hacked," O'Connor continues, "you need to assess the seriousness of the incident, and in particular if any information has been compromised."

This step is somewhat easier if you have undertaken forensic readiness planning beforehand and are aware what data is held in what location.

Your incident management process should define levels of seriousness and escalation, and if there has been a potentially serious breach then your crisis management plan should be invoked.

This will involve "functions such as marketing and PR as well as senior executives in deciding who to inform, what to say and what assurances to give, as well as what internal briefings to give," O'Connor recommends. Ah yes, the dreaded 'D' word: disclosure.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020