Check your cyberattack response steps before it becomes a problem


David Sun

As the Russian invasion of Ukraine continues to make daily news and US sanctions against Russia intensify, acts of cyberterrorism against companies there are highly likely. In fact, in a statement released to the nation on March 21, President Biden called this “a critical time to accelerate our work to improve national cybersecurity.”

In light of this potential threat, the Department of Homeland Security's Cybersecurity & Infrastructure Security Agency published a Shields Up guide to ensure that all organizations, regardless of their size, adopt a heightened cybersecurity posture and protect their most critical assets. This comprehensive guide provides recommended actions for organizations and business owners, a ransomware response checklist, and steps individuals can take to protect themselves and their families.

The time for hypervigilance has arrived. Ransomware is becoming increasingly sophisticated and can cost businesses millions of dollars in just minutes, data breaches can affect millions of consumers or compromise years of research, and the banking fraud enabled by these attacks diverts millions of dollars. As such, companies should step up testing and evaluation of their cybersecurity programs and protocols to help secure their systems.

Several basic protective measures can be taken, including installing internal firewalls (in addition to the standard external firewall) and configuring Endpoint Detection and Response software in your organization’s network and on all devices used by employees.

Regularly back up data, including word processing documents, spreadsheets, databases, financial files, and data stored in the cloud. Implement multi-factor authentication on accounts and entry points, update software and apps on all devices, and always think before you click, no matter how much anti-malware you have installed.

Don’t overlook the importance of using long passwords (over 14 characters) that include a mix of upper and lower case letters, numbers and symbols. Ensure that all employees with access to the corporate network are trained in cybersecurity practices and your organization’s security policy, and review and update your security policies regularly.

Stop, think, act

Even when you implement cyberattack prevention practices, cybercriminals can and will find a way to do damage. Consider these three response steps in the unfortunate event of a cyberattack, whether it's phishing, malware, or ransomware:

First, determine what happened or is happening and what you need to do to lock down your systems to prevent the attack from spreading, then inform your legal counsel, insurance company and the competent authorities. Cease any financial transaction until it is validated and you are sure that it is secure. Then quickly inventory all resources and organize your response team.

Next, assess the nature and impact of the attack to determine its full scope and the extent of what was taken, damaged or compromised. Take the time to confirm that your actions do not compromise forensic evidence or the ability to fully investigate the compromise. Once you are comfortable with the actions you are taking, try to determine the motivation for the cyberattack: money, trade secrets, reputation, etc.

Now is the time to act. Establish your response and the company’s risk tolerance level (i.e., if it is ransomware, do you have to pay the ransom or risk stolen information being posted on the dark web), then deploy lockdown and risk mitigation processes. At this stage, you need to develop a communication strategy that includes internal staff, customers, and the general market. Finally, perform a full forensic analysis of how the attack happened and why.

Organizations need to focus on all aspects of cybersecurity to help protect their business and avoid becoming a victim. From creating processes to using high-end technology and educating employees about the dangers of “random clicks,” each of these boxes should be checked to create a cybersecurity program that can help protect your organization.

David Sun is a principal at CliftonLarsonAllen LLP and a national leader for its cyber incident response and forensic practice.
