What to Do During a Cyberattack
With cyber-crimes being on the rise and cyberattacks becoming all too common, there are plenty of resources out there to help you get your security up to where it needs to be. There’s no shortage of articles on how to prepare for a possible cyberattack. There’s also plenty of information on how to recover after an attack takes place.
What there doesn’t seem to be a lot of, however, is advice on what to do while a cyberattack is actually happening. You and your entire company are going to be on red alert and the last thing you’re going to feel like doing is sitting there and twiddling your thumbs. You’re going to want to react, and rightfully so, but you may not know what to do in that situation. Let’s look at some steps you can take while an attack is underway.
Get Your Team Together
The very first thing that needs to happen when you or someone in your company realizes you’re under attack is for your cybersecurity team to mobilize. Generally, your security experts are going to be the ones who detect the attack in the first place, but you can still help coordinate and ensure that everyone is on their feet, figuratively speaking. Plus, it’s always possible that somebody not on the cybersecurity team notices the attack first, perhaps through a program not working the way it should. For these reasons, your security team should always be looped in on anything even remotely suspicious. (Wickr)
Verify the Attack
There’s always the possibility that you’re not under attack and your security measures are producing a false positive. For example, if you have multiple defenses in place (which you definitely should), but only one product is detecting the attack, it might be an error in the product. It’s important to verify that the attack is actually happening before you scramble to shut all of your systems down. One could argue that it’s better to be safe than sorry, but defense measures can be pretty extreme, and executing those measures when it’s not actually necessary can definitely lead to some trouble. (ITProToday)
Identify the Threat
If you know the attack is genuine, you want to gather as much information as you can, as quickly as you can. You need to figure out how the threat is getting into the system, what files are being accessed, what other files are exposed, if and how the attack is spreading, and more. Don’t worry about the source of the attack. That information will come later and in all likelihood isn’t relevant at the time of the attack. (CyberPrecedent)
Notify Law Enforcement
If an attack occurs, you might be so preoccupied trying to handle things on your end that you forget to notify the proper authorities. Your security team is there to protect and recover your assets from hackers, not pursue the hackers themselves. That’s a job for law enforcement, and the sooner they know what’s happening, the sooner they can help. If your local police aren’t familiar with cybersecurity, you’ll want to contact your local FBI office.
Contact Affected Customers
Oftentimes security breaches will lead to customer information being leaked onto the web. This includes things like credit card numbers and other important financial information in the worst-case scenarios. If you have reason to believe that crucial information has been exposed, it’s your duty to contact any and all customers at risk so that they can take the proper steps to protect themselves, such as putting holds on bank cards before their funds get stolen. (ITSEC)
Lastly, if you find yourself in the middle of a live cyberattack, the most important thing is not to panic. You need a clear head to make the right decisions and, if you’re the one everyone is looking up to, you need to stay calm and collected to set the proper example.