Business: What To Do When Your Business Is Compromised?

Cyber Security | Jamie Ngo | May 27, 2024


Do you know what to do if your business is compromised? Fear not, I can provide some advice.


This advice is for businesses and organisations on how to respond to a cyber security incident. If you’re after information about what to do if you have been personally compromised, see PERSONAL: I’ve Been Hacked! What To Do Next?

For businesses and organizations encountering a cyber security incident, a swift and strategic response is paramount. Here’s a comprehensive guide tailored to address various threats.

1. Incident Response Plan Activation: Upon detecting or being informed of a security incident, promptly activate your Incident Response plan. This structured approach ensures a coordinated response to mitigate risks and minimize potential damages.

2. Malware Incidents:

  • Response Protocol: If malware compromises your network, refrain from immediately shutting down or deleting malware-infected devices. Instead, engage your security team to conduct thorough investigations. Turning off devices prematurely can erase crucial forensic evidence. Consider leveraging forensic tools like Autopsy to capture images of affected workstations for analysis.
  • Risk Mitigation: Understanding the malware’s entry point is crucial to prevent future breaches. Invest in user awareness training and enhance Intrusion Detection Systems (IDS) based on insights gained from incident analysis. Additionally, assess for any lateral movement or data exfiltration to contain the breach effectively.

3. Ransomware Attacks:

  • Immediate Action: In the event of a ransomware attack, swiftly disconnect affected devices from the network to prevent further spread. Capture live images of workstations for forensic examination to ascertain the infection source and extent of damage.
  • Avoid Ransom Payments: Despite the pressure to pay ransom demands, refrain from doing so as it emboldens cybercriminals and perpetuates the cycle of attacks. Organizations with robust incident response plans and effective backup solutions can minimize the impact without succumbing to ransom demands.
  • Quick Wins: The European Police has set up a website which provides decryption keys for certain ransomware. All you do is provide a sample of an encrypted file, or the ransom note.

4. Phishing Incidents:

  • Response Strategy: Phishing attacks, whether via email or SMS, pose significant threats. Tailor response strategies based on the attack’s objectives. If aimed at financial gain, promptly notify your bank to reverse or block unauthorized transactions. For credential theft, initiate widespread password resets and enforce stringent authentication measures.

5. Business Email Compromise (BEC):

  • Urgent Action: BEC attacks entail hijacking legitimate emails for fraudulent gains. Upon detection, immediately contact your bank to intercept or halt suspicious transactions initiated through compromised emails.

6. Reporting and Collaboration:

  • Incident Reporting: It’s imperative to report cyber security incidents to the ACSC to receive assistance and contribute to a comprehensive understanding of the Australian cyber landscape. Timely reporting aids in shaping national policies to counter cyber threats effectively.
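
Steps 2 and 3 both rely on captured workstation images being usable as evidence later, which means being able to show an image has not changed since it was taken. The sketch below is an added example, not part of the original post: it records a SHA-256 hash and custody details for each image at capture time and re-checks them before analysis. The file names, manifest layout and host/examiner labels are assumptions made for illustration.

```python
import hashlib
import json
import os
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-GB images never sit in memory


def hash_image(path):
    """Return (sha256 hex digest, size in bytes) of an image file."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size


def record_acquisition(image_path, manifest_path, host, examiner):
    """Append one custody entry (JSON line) for a freshly captured image."""
    sha256, size = hash_image(image_path)
    entry = {
        "image": os.path.basename(image_path),
        "host": host,          # hypothetical label for the affected workstation
        "examiner": examiner,  # who captured the image
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "size_bytes": size,
        "sha256": sha256,
    }
    with open(manifest_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_images(manifest_path, image_dir):
    """Re-hash every recorded image; return names that are missing or changed."""
    failures = []
    with open(manifest_path, encoding="utf-8") as fh:
        for line in fh:
            entry = json.loads(line)
            path = os.path.join(image_dir, entry["image"])
            expected = (entry["sha256"], entry["size_bytes"])
            if not os.path.isfile(path) or hash_image(path) != expected:
                failures.append(entry["image"])
    return failures
```

Keep the manifest on separate, write-protected storage from the images, and run `verify_images` before each analysis session so any mismatch is caught before findings are drawn from the image.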

By adhering to these professional guidelines and leveraging expert insights, businesses can bolster their resilience against cyber threats and foster a safer digital environment.

Written by: Jamie Ngo
