Bleam Cyber Security Blog

What to do if you fall victim to a cyber attack

Written by Bleam Cyber Security | Feb 8, 2022 10:47:25 AM

Between 2020 and 2021, 4 in 10 businesses and a quarter of charities reported some form of cybersecurity breach or attack. These figures are increasing year-on-year as cybercriminals innovate with new attack vectors to infiltrate businesses for profit or to steal valuable data. If you are a business owner and have not already done so, now is the time to invest in a comprehensive cybersecurity solution before it is too late. However, if your business does fall victim to a cyberattack, it’s important to know what to do next. In this article, we will discuss the most common cyberattacks, what to do if you fall victim to them, and how to prevent a cyberattack in the first place.

Most common cyberattacks

Ransomware

This uses malware to encrypt a business’s data and hold it to ransom, only giving the encryption key when the ransom is paid. Whilst the data is encrypted, employees can’t access files, databases, IT systems or applications. This malware is designed to spread throughout a system, encrypting every file on a business’s network, often causing significant downtime. These attacks often use a phishing email to initiate the exploit and malware infection.

Distributed Denial of Service

DDoS, as it’s commonly known, is a malicious attack where a cybercriminal overwhelms a target server, service, or network with internet traffic to disrupt normal traffic. The goal of these attacks may be to stop legitimate traffic from visiting a site, or to overwhelm network equipment, such as firewalls, in order to launch another cyberattack.

Man-in-the-Middle Attack

This may include intercepting messages and emails between individuals that include sensitive data, or intercepting login credentials between a user and an IT system. There are many different methods that can be used to carry out a man-in-the-middle attack; however, most can be avoided with firewalls, encryption, multi-factor authentication and a strong security culture within an organisation.

Password Attack

These attacks include a variety of methods a cybercriminal may use to steal login credentials. This may include a phishing attack, where the cybercriminal poses as a trustworthy individual and attempts to deceive the victim into sharing their password. Another password attack method is a brute force attack, where a cybercriminal will use a program to try millions of passwords every second until the correct one is found.

What to do if you fall victim to a cyberattack

Notify your IT Provider

If your business falls victim to a cyberattack, or if you believe there has been any sort of breach, you should first notify your IT provider. They may be able to help stop further spread of any malware or assist in surveying the damage and finding mitigation and recovery solutions.

Survey the Damage

Ideally, with the assistance of your IT provider, you will be able to survey the damage and ascertain which systems, services, and machines are affected. This will determine the impact on the critical business functions and confirm what method of attack was used.

Limit the Fallout

Depending on what cyberattack affected your business, it may be necessary to take steps to prevent the attack from spreading. This may include re-routing network traffic, blocking traffic, or isolating parts of a compromised network. Depending on the size of your business and internal resources, this may need to be undertaken by a cybersecurity professional.

Record the Details

It is important to record any details of the actions taken and data collected from system logs. This may include information about affected systems, compromised accounts, and damage to systems. Collecting this information will aid in notifying stakeholders and reporting the incident to the relevant authorities.

Notify Stakeholders

If your business has suffered a data breach that resulted in an individual’s information being at risk, it is essential to notify them. This is important as incidents where data is compromised or stolen may breach GDPR; if these are reported within 72 hours, it will minimise possible penalties. Regardless of what method of cyberattack your business faces, all cases should be reported to Action Fraud, who will then inform the National Fraud Intelligence Bureau.

Learn From the Attack

After any cyberattack, regardless of severity, businesses should learn from the experience to understand how to prevent another attack or better respond if lightning strikes twice. This should include documentation of the attack and the response, whether any mistakes were made that enabled the attack, and how training can be used to avoid another cyberattack.

How to prevent a cyberattack

As there are many attack methods used by cybercriminals, it’s important to have a comprehensive solution to stop all forms of attack in their tracks. This includes protecting businesses from phishing, ransomware, password attacks, DDoS attacks and others. It can be difficult to stay up to date with changes in the cybersecurity threat landscape, so often it’s best to rely on the expertise of a third-party IT provider. Contact us today to find out more about how you can keep your business safe and avoid a cyberattack.