How To Survive Cybersecurity Breaches/Incidents
In an era where technology is invading almost every area of our lives, professional and personal, the amount of data collected by companies and organizations of all sizes is alarming. Humans have become intertwined with technology; from software to hardware, from handheld devices to wearables to insertables, technology is all but inextricable. All of these, however, have one thing in common: data. Data, being information about individuals, cities, and countries, can be extremely valuable to cybercriminals, ranging from pure hackers to the curious Joe, script kiddies, wannabes, elites, crackers, phreakers, punks, and ciphers [3].
As a result, the susceptibility of organizations, corporations, government infrastructures, and medical institutions to cyberattacks is undeniable. The magnitude of security breaches has increased over the past few years. In 2014, South Korea experienced a security breach in which about 40% of the country's population (~20 million people) were affected. According to the Internet Security Threat Report published in 2016 by Symantec, a major breach was caused by Carbanak [4], a malware program that infected the administrative computers of a Ukrainian bank. Many other countries, including the USA, Japan, and Russia, were affected as well, with about half a billion personal records lost or stolen in 2015. On average, at least one new zero-day vulnerability was found each week, and each one found serves as another tool for cybercriminals to enhance their attacks. Enabling proactive measures can go a long way toward limiting or even preventing the spread of a cyber attack.
EFFECTS OF CYBER BREACHES
Cybersecurity breaches affect organizations and companies in different ways, many of them significantly damaging if not permanent. Some effects of cyber breaches are:
- Loss of confidential data. This is often the major aftermath of a cyber attack. Data ranging from phone numbers, social security numbers, and health records right up to confidential or classified military information could be stolen.
- Competitiveness between firms and organizations becomes compromised. This can cause havoc from which small to medium organizations or startups might never recover.
- Decreased value and reputational loss are often cited as a significant concern. After a cyber attack, the trust and value customers have built with a company start degrading and are called into question, especially when the company fails to respond promptly.
Surviving cybersecurity breaches or incidents can be viewed from two different yet related viewpoints: one is setting up measures to avoid a potential attack, and the other is how to respond when a breach or attack occurs.
STEPS TO AVOID A POTENTIAL CYBER ATTACK
Cyber attacks are of various kinds and natures, and there is an overwhelming amount of resources out there stating how to prepare for the inevitability of a cyber attack. No single one-size-fits-all strategy can handle every possible cyber attack. These are a few of the many practices that can help organizations or companies avoid (and, in a sense, survive) cyber attacks.
- Personnel Training. In a company milieu with members working in different departments, adequate training needs to be provided for those handling sensitive data.
- Offline backup of sensitive data. At the core of every company is data. Damage or loss of data can disrupt, destabilize, and even shut down companies, startups, or organizations. Having an offline backup of sensitive data is vital to surviving a cybersecurity breach or incident.
- Security culture. As part of the company's culture, security must be considered vital by top-level personnel. A lacking or neglected security culture exposes the company to possibly unrecoverable cyber attacks.
- Good comprehension of risk profile. Organizations should identify and classify different cyber attack scenarios. Knowing a company's possible attack vectors and assets helps security personnel create a contingency plan and support the company in times of need.
- Employee Screening. With people often being the weakest link in a security plan, employees should be screened to verify that their skills meet the expectations of their respective positions and that their beliefs align with those of the organization.
- Take cyber threats seriously. To a reasonable level, most companies understand the extent of the damage done during a cyber attack and its consequences. However, due to the costs and complexities of setting up measures to mitigate such threats, some consciously choose not to take them.
- Keep systems updated. Most companies run systems that are not using the latest updates for their various software programs. Routinely applying security patches to software and hardware systems can mitigate many security threats, as most threats exploit known vulnerabilities.
An understanding of the security chain in every organization is vital. The Chief Privacy Officer (CPO), Chief Compliance Officer (CCO), Chief Information Officer (CIO), and so on must understand their roles in order to be better prepared before and after an attack.
HOW TO RESPOND TO SECURITY BREACHES
Despite the measures mentioned above to prevent a cyber attack, there is no guarantee that one won't occur. Cybercriminals are crafty and smart, always looking for new ways to bypass security measures and systems to attain their objectives. So, let's look at how to respond to a cyber attack or security breach.
1. Analyze the damage
A core internal investigation needs to be done by the security department or team after a breach occurs. Its objective is to analyze the impact on core business functions. The investigation results range from identifying the attacker to discovering unknown vulnerabilities and determining the improvements that need to be made to the organization's systems and security measures.
2. Endeavor to limit extra damage
Given that an attack has just occurred, it is the organization's responsibility to prevent it from spreading. Companies have different objectives and use different systems; hence each company will have to take measures based on its own structure to limit further damage.
3. Persist details
Logs, source code, or written details of the actions that led to a security breach should be persisted. Details of what was done to respond to the breach will also be significant in restructuring the security defense line.
4. Engage Law enforcement
Most countries have law enforcement bodies that handle cybercrimes. Filing a cyber attack report can go a long way toward helping prepare for another possible attack. Law enforcement may also contact the media, preventing sensitive information from being disclosed.
5. Notify affected individuals
Individuals value their data; that is probably why they entrusted a company with it to begin with. Notifying users helps them take immediate steps to reduce further data compromise.
6. Learn from incident
Security breaches have somewhat become a way of life. Learning from a breach enables better incident handling and can provide insights into strengthening a company's security defense line.
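Both the offline backup practice above and step 3 (persisting logs and details) rest on the same check: when the copy is later restored or handed to investigators, you must be able to show it is the same data that was collected. The following is an added example, not code from the original article; it assumes the backup or evidence files sit in a directory, that a SHA-256 manifest is written beside (not inside) that directory, and that the collector identity (the hypothetical ir-team@example.com) and the sample log lines are constructed for the demonstration.

```python
"""Integrity manifest for offline backups and incident evidence.

Added example (not from the original article). Assumes artifacts are copied
to an offline medium or an evidence folder and that a SHA-256 manifest kept
beside them lets corruption or tampering be detected at restore/review time.
"""
import hashlib
import json
import os
import tempfile
import time

HASH_ALGO = "sha256"


def file_digest(path: str, chunk_size: int = 1 << 16) -> str:
    """Hex SHA-256 of a file, read in chunks so large logs fit in memory."""
    h = hashlib.new(HASH_ALGO)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str, collected_by: str) -> dict:
    """Record path, size and digest of every file under root, plus who/when.

    This is the record a responder keeps with the collected artifacts, or a
    backup operator stores with the offline copy.
    """
    entries = []
    for dirpath, _dirs, files in sorted(os.walk(root)):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            entries.append({
                "path": os.path.relpath(full, root),
                "size": os.path.getsize(full),
                HASH_ALGO: file_digest(full),
            })
    return {
        "root": os.path.abspath(root),
        "collected_by": collected_by,
        "collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "algorithm": HASH_ALGO,
        "files": entries,
    }


def write_manifest(manifest: dict, out_path: str) -> str:
    """Write the manifest as JSON and return its own digest for separate safekeeping."""
    with open(out_path, "w", encoding="utf-8") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return file_digest(out_path)


def verify_manifest(root: str, manifest: dict) -> list:
    """Return human-readable problems; an empty list means the copy is intact."""
    problems = []
    seen = set()
    for entry in manifest["files"]:
        full = os.path.join(root, entry["path"])
        seen.add(entry["path"])
        if not os.path.isfile(full):
            problems.append(f"missing: {entry['path']}")
            continue
        if os.path.getsize(full) != entry["size"]:
            problems.append(f"size changed: {entry['path']}")
        if file_digest(full) != entry[HASH_ALGO]:
            problems.append(f"digest mismatch: {entry['path']}")
    # Files that appeared after collection are flagged as well.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if rel not in seen:
                problems.append(f"unexpected file: {rel}")
    return problems


def run_demo() -> dict:
    """Self-contained run on constructed sample artifacts in a temp directory."""
    with tempfile.TemporaryDirectory() as work:
        evidence = os.path.join(work, "evidence")
        os.makedirs(os.path.join(evidence, "logs"))
        # Constructed sample data, not real logs or notes.
        with open(os.path.join(evidence, "logs", "auth.log"), "w") as f:
            f.write("Jan 10 02:14:07 web01 sshd[812]: Failed password for root from 203.0.113.5\n")
        with open(os.path.join(evidence, "notes.txt"), "w") as f:
            f.write("Containment: web01 isolated from network at 02:30 UTC\n")
        manifest = build_manifest(evidence, collected_by="ir-team@example.com")
        # Manifest goes beside the evidence tree so it is not counted as an artifact.
        write_manifest(manifest, os.path.join(work, "manifest.json"))
        clean = verify_manifest(evidence, manifest)
        # Simulate a later edit to the notes; the manifest must catch it.
        with open(os.path.join(evidence, "notes.txt"), "a") as f:
            f.write("edited later\n")
        tampered = verify_manifest(evidence, manifest)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Keep the manifest's own digest (the value returned by write_manifest) somewhere the backup medium cannot overwrite, such as a ticket or a printed run log; otherwise whoever can alter the files can rewrite the manifest to match.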
Breaches will always happen so long as humans design systems. Having a data breach contingency plan should always be part of the company's culture.
REFERENCES
1. Radio Frequency Identification Chip (RFID chips)
2. Near Field Communication chips (NFC chips) (https://en.wikipedia.org/wiki/Near-field_communication)
3. Types of Cyber Criminals
4. Carbanak (https