Did a cyber-attack shut you down? Here are some immediate actions you need to take

Telivy
April 29, 2022
|
3
mins read

When it comes to cybersecurity, small and midsize businesses (SMBs) have to up their game. The key is to have a solid Cyber Incident readiness plan and Cyber Liability Insurance Policy.

The past decade has seen a slew of high-profile cyber attacks, such as Yahoo (2013-14), Uber (2016), and Facebook (2019). More recently, cyber-attacks like the Solar Wind hack and the Colonial Pipeline ransomware incident temporarily sent the nation into a state of emergency. Did you know that around 40% of the cyberattacks in the past couple of years have been targeted at small and mid-size businesses? Additionally, did you know that 60% of the SMBs were forced to shut down following the breach?

A report based on the research conducted by Ponemon Institute and analyzed by IBM Security indicates that the average total cost of data breaches and other cyberattacks spiked by 10% in 2020-21. The COVID pandemic triggered a new era of digital transformations, bringing most of the world online. However, most of this transformation was not backed by any cyber insurance protection. The remote work culture narrowed the global boundaries for talent and opportunities while also aiding the “bad guys” by exposing vulnerabilities inherent in people working from home.

Let’s look at the stories behind the statistics and how you can take concrete actions to brave an previous or impending breach.

Common cyber risks faced by small/midsize businesses and startups

Phishing, malware, and ransomware are commonly used strategies by cyber attackers to target vulnerable humans, software, or hardware entities in a system.

A typical breach story would sound something like this:

Early one morning, all the 100 employees of Alphatrades Co. received an email from their CEO with the familiar domain Robertraven@alphatrade.com to download a security patch to their HR management system. They were asked to log in and verify the patch installation. Within a few hours, the administrator of the HR management system saw a message flashing on the portal asking them to purchase a decryption token to log in to the system.

Investigation reveals that the email was from a fake source that successfully installed ransomware in the system. Using the Keylogger technique, the attacker stole employees’ sensitive information like SSN, payroll details, and account numbers which will be traded on the Dark Web.

This could easily be your business’s story. Ironically, many SMBs still believe that they won’t be a target because they are too small, not techy enough, or too immune to be considered attack worthy because they are using Google Cloud or Amazon Web Services. Buying cyber insurance does not even cross their minds. Breaking News! SMBs are easy targets for cyber villains who monetize on volume, casting a wide net that catches small fishes indiscriminately.

What are immediate actions should you take when targeted by a cyberattack or data breach?

Bring out Incident Response Plan

A thorough incident response plan (IRP) is most effective in stopping an ongoing breach and containing the damage. A business can devise an IRP with their customers, IT vendors, and insurance carriers to enable a swift execution when a breach occurs. IRP guides all the stakeholders through the following steps.



  • Identify Who, What, and When: in case of a breach, everyone’s role should be clearly defined as per breach protocol w.r.t who does what and when. IT vendors and your cyber insurance carrier (if you have one) should be notified immediately.



  • Isolate IT assets: this includes shutting down backup and other servers, changing passwords, and immediately blocking remote access and firewall traffic.



  • Notify stakeholders: in many cases, it is a legal requirement to notify customers; failing to do so can incur huge fines.



  • Investigate and monitor: to be able to recover, it’s essential to determine the initial point of breach. Continuous monitoring will eliminate further damage and help collect breach evidence for later legalities. Most cyber insurance carriers assist and cover forensic analysis and monitoring services.



  • Recovery: based on the type of attack and criticality of business availability, the next step would be to bring up the system from a secure backup and retrieve lost data and identities.

Here at Telivy, our focus is on providing bespoke cyber insurance to businesses fast, easy, and reliably. Telivy partners with a network of expert cyber insurance carriers who, in turn, compete for your business.

You get instant quotes to choose from, which provide you with the best coverage suited to your business and industry.

Automate your cyber security audits and monitor your security posture.

More from Telivy's Blog