How To Recover From A Security Breach
In insight / By Charlotte Tobulevicius / 01 February 2019
No matter how strong your company’s security defences are, none is 100% immune to a breach by a skilled attacker. It is believed that as many as 60% of small to medium companies go out of business due to a breach of data. However, a security breach does not always mean the end - it is possible to recover, provided you have the right plan in place. Here at Nasstar, we will discuss how to prepare for and recover from a security breach to help keep your business afloat.
Preparing for a security breach
It’s worth being prepared in advance for a security breach. This way, in the event that it happens, you can act fast to identify and eliminate it. The following steps will provide you with helpful starting points to protect your business:
- Identify all of your company’s IT assets: Learn everything that is on your network by performing a complete audit of your IT assets. This way, you will know exactly what you need to protect (or replicate) in the event of a security breach.
- Implement an Intrusion Detection System (IDS): The quicker you respond to a breach, the less damage it will cause. Intrusion detection systems help you to identify when one occurs, allowing you to respond quickly, which in turn makes recovery easier.
- Create an Incident Response Plan (IRP): Always ensure that the people in your company know what their responsibilities are in the event of an attack to speed up response time. The quicker you respond to an attack, the quicker you can recover.
- Always back up your data: Depending on its type, an attack may encrypt the data on your network (e.g. ransomware attacks). This means that you will be unable to access it. Backing up your company’s data to a remote server or the cloud gives you a copy which you can then re-download.
- Employ web-based threat protection: This core component will help to secure your business’s critical information and data from external and internal web-based security threats.
Stopping the attack
Stopping the attack begins with identification. The sooner an attack is identified, the better off your company will be because a full-blown breach can take time. Once you have identified the attack, you must contain it by isolating the systems that it has compromised and revoking the access of the account that is being attacked. Finally, you must eliminate the threat. The methods used to do this depend on the type of breach identified.
Investigating and preventing the attack
To prevent a future cyber attack, you must investigate how it happened in the first place. You should also investigate any affected systems to ensure that there is no malware left on the system.
Note: Be sure to keep activity logs from the time of the breach for forensic analysis. These can assist in identifying the source of the attack, allowing you to block future attempts.
Inform those who may have been affected by the attack
After an attack, you should have a record of which systems or data were (or were at risk of being) compromised. Once you know this information, it’s important to inform those who may have been affected (e.g. customers, vendors etc.). You should inform them of the date of the breach, the type of attack, the files that may have been compromised and the steps you undertook to recover and protect the data.
Restoring assets on your network after an attack
The restoration process after an attack may depend on how you prepared for the breach. Your recovery plan should be something that you set well in advance of the attack so that you can keep your business going - even after a breach. Sometimes, recovery may be as simple as wiping or replacing the data storage drives and re-downloading all your files from the cloud. When restoring your assets and data, make sure that you have noted which files were taken down or affected by the attack. This will ensure that you do not miss anything important when recovering your data.
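One way to produce that list of affected files, shown as an added example that is not part of the original article: record a SHA-256 manifest while the data is known to be good, then compare it with the state after the attack. The function names, file names and the simulated damage are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def diff_manifests(before, after):
    """Classify files as missing, modified or new since the baseline."""
    common = before.keys() & after.keys()
    return {
        "missing": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "new": sorted(set(after) - set(before)),
    }


def demo():
    """Constructed scenario: one file renamed to .locked, one altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        ledger = root / "finance" / "ledger.csv"
        ledger.write_text("id,amount\n1,100\n")
        (root / "contacts.txt").write_text("alice@example.com\n")
        (root / "readme.txt").write_text("unchanged\n")
        baseline = build_manifest(root)  # taken alongside the backup

        # Simulated damage (constructed sample, not real incident data).
        ledger.rename(root / "finance" / "ledger.csv.locked")
        (root / "contacts.txt").write_text("tampered\n")
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

Files listed as missing or modified are the ones to restore from backup, and files listed as new are candidates for investigation. Keep the baseline manifest with the backup rather than on the systems it describes.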
Anticipating the next attack
Unfortunately, once you have experienced one attack, it’s likely that you will be targeted again by the same group. This is why it’s important to prepare for the next one. Through analysing how the attackers got into your files, you can identify the gaps in your cybersecurity. This can help you to plan for the future and speed up your response to any further attacks.
Here at Nasstar, we have a variety of bespoke clouds, professional services, managed IT networks and a range of technical products to support organisations operating within key strategic industry sectors such as secure file sharing and secure messaging. If you would like any more information on how to plan for a cyber attack or recover from a breach of security, then feel free to contact us. We offer a range of cyber security products to help protect your business from any future attacks.