The 5 steps a company should follow after being a victim of a cyber attack!
1. To begin with, it is important for companies to conduct a detailed examination of the attack. This makes it possible to determine more accurately which systems have been compromised and how, and to answer important questions such as: Is the infection limited to a single piece of equipment or part of the network? Has sensitive data been leaked? Are we talking about corporate or personal data concerning employees and/or customers?
2. In the event of a leak of information that could endanger employees or customers, the second step is to inform them of a potential breach and advise them to watch out for any unusual activity. If there is a significant hardware failure, then backup activation procedures should be initiated to maintain customer service.
3. Next, actions should be taken to contain the infection, starting with isolating the compromised equipment. If the malware is found to use encryption, a reverse engineering effort should be made to obtain the keys. However, if its communication takes place over non-confidential protocols such as HTTP, monitoring will be easier. In any case, new firewall rules will have to be created. Since most of the above processes involve the non-automated analysis of information, it is important to put in place a comprehensive security solution.
4. The fourth step is the complex process of removing the malware, where the use of antivirus solutions is recommended for faster and better results. It is worth noting that even after cleaning, there is a risk that other infected equipment that has gone undetected is still present and operating normally. To avoid this, the analysis of packets transmitted over the network must be enhanced. Changing passwords on corporate networks is another preventive measure, along with updating keys. At this point, it is worth establishing whether the infection was simply the result of carelessness online, or whether it is a link in a chain of persistent targeted attacks.
5. In conclusion, conducting an in-depth investigation into what happened will provide an opportunity to improve processes within the organisation. Removing any vulnerabilities strengthens the perimeter of corporate networks, showing that infections are not always entirely negative events for a company, as they indicate where protection needs to be strengthened in future corporate security planning.