
Why The First Hour After A Cyberattack Is The Most Important

2019-09-13 by Tim Mullahy

The moment your business is successfully targeted by a cybercriminal, the clock starts ticking. What you do immediately after an attack sets the stage for your entire response, and can even be the difference between maintaining a positive reputation and being at the helm of a crippled brand. Here’s why. 

The Golden Hour is a familiar concept in law enforcement. The moment a crime has been committed, a countdown begins. Time is quite literally of the essence. Each delay increases the chances of evidence being lost and decreases the chances of a criminal being brought to justice.

“The early stages of an investigation are deemed so pivotal they can sometimes make or break an attempt to bring [a criminal] to justice,” reads a piece in news publication The Sun, focused on the 2017 documentary An Hour to Catch A Killer. “When time strays for too long and resources are allocated to fresher and more pressing issues, the investigation gets shelved.” 

But what does any of that have to do with cybersecurity?

Everything. When your business is successfully targeted by a cybercriminal, what you do immediately after the attack can make or break your brand. The moment any cyber incident occurs, an invisible countdown begins.

 

The longer you take to notice and respond to a data breach, the greater its potential severity. You might liken it to a severe laceration. Survivable with proper medical care, but deadly if the bleeding is not immediately staunched.

As an example, imagine a criminal has targeted your organization with a trojan that allows them to remotely exfiltrate data. With network monitoring and proper security controls, this intrusion can be detected and mitigated before it causes too much harm. However, if you lack a proper crisis response process, or simply don’t have visibility into your network, the criminal is free to do as they see fit.

Left unnoticed and unchallenged, they can steal as much data as they desire. 

Perhaps more importantly, significant delays in notifying customers and clients that their data has been compromised can cause irreparable damage to your brand. A recent study carried out by data security provider Varonis found that data breaches have a severe impact on a business’s reputation - and that’s if the business handles the breach properly. An organization that takes too long to deal with a cyber-incident can find itself all but crippled.

There’s also the matter of tracking down the individual or organization responsible for the attack, but we aren’t going to touch on that. 

Cybercriminals are notoriously difficult to track down, and even more difficult to prosecute. While it’s certainly true that a quick response increases the chances of a successful criminal investigation, the chances that such an investigation will go nowhere are even higher. The financial and reputational cost of a lax reaction should be motivation enough.

So how exactly can you ensure you react to cyber-incidents within the golden hour? First, a comprehensive crisis response process is a must, and it should clearly delineate responsibility by answering the following questions:

Who has the authority to initiate an incident response?

Who handles communication with customers and shareholders?

Who investigates and mitigates the incident?

It is also imperative that you have measures in place for logging, documenting, and reviewing an incident. This includes compromised systems and data, actions taken to mitigate the incident, and actions taken in the wake of the incident. It should be immediately clear to anyone reviewing your documentation what happened and what you did in response.

Finally, you need a communication plan: who you need to contact, how you will reach out to them, and where and when you will connect with them. Pre-approved messaging templates may be useful here, as they will allow you to quickly disseminate information about the incident and avoid getting bogged down with copywriting and approvals.

The above aside, the best thing you can do is practice good security hygiene. Strong access controls and monitoring tools are a must. But employee training is even more important.

Because at the end of the day, the real determinant of how quickly your business reacts to a cyberattack is your staff.

Author

Tim Mullahy


Liberty Center One

Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.
