Time is the most crucial commodity when we talk about cyber attacks. The delay in responding to cyber attacks may lead to major problems. In many cases, it may even take months to identify some form of cyber attack. Most people don't know how to respond when something of this sort happens.
1. Inform the IT and Management teams - Detecting the attack and informing the concerned teams is the first step in responding to cyber attacks. Whenever an employee encounters something suspicious on their system, it must be reported to the IT team. It may seem small, but in a business a small miss may lead to a big problem. Threat actors always try to stay under cover until they reach their goal of stealing data without any issues. Ignoring any irregularity may have a series of repercussions.
2. Disconnect the infected device from the network - Disconnecting the infected device is important to control the proliferation of the virus/malware. Identifying the infected units as early as possible and disconnecting them by removing the LAN cable will help in limiting threats inside the unit. Checking the nearby devices on the network is also required to get a picture of the scope of infection.
3. Document the infection - Documenting everything is very important for mitigating the threat on the network and devices, for successful threat removal, and for future reference.
4. Check the Backup - The IT team must check the existing backup to make sure it is not compromised in any way. Data integrity is a must to restore business continuity as soon as the infection is controlled and removed.
5. IT team should implement the Cyber security protocol - If the organisation has a Cyber security protocol, it has rules and procedures to be followed. If the incident response team has not reached the site, the IT team should start following the steps for recovery.
6. Inform all the employees about the attack/infection - The organisation must inform the affected employees. Educating the employees will help in controlling such attacks in future. Human error can serve as the root cause of a breach. Increasing awareness is important for responding better to cyber attacks.
7. Use security systems to track potential malicious assets - Reinfection can still happen; hence it is best to control the threat by controlling all traces of malware or security vulnerabilities with security operations centres or blended solutions.
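One way to carry out the backup check in step 4, shown as an added example that is not part of the original article: it compares a backup directory with a baseline of SHA-256 digests and lists every modified, missing or unexpected file. It assumes a `sha256sum`-style manifest was recorded before the incident and kept apart from the backup itself; the function names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large backup archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <relative path>'."""
    pairs = (line.split(None, 1) for line in text.splitlines() if line.strip())
    return {rel.strip(): digest.lower() for digest, rel in pairs}

def verify_backup(backup_root, manifest_text):
    """Compare a backup tree with the baseline and list every difference."""
    expected = parse_manifest(manifest_text)
    report = {"modified": [], "missing": [], "unexpected": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, backup_root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in expected:
                report["unexpected"].append(rel)  # file added after the baseline
            elif sha256_file(full) != expected[rel]:
                report["modified"].append(rel)    # content changed since the baseline
    report["missing"] = list(set(expected) - seen)
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Constructed sample: one changed, one deleted and one added file."""
    baseline = {"db/customers.sql": b"v1", "config.ini": b"port=22", "notes.txt": b"ok"}
    manifest = "\n".join(f"{hashlib.sha256(d).hexdigest()}  {r}" for r, d in baseline.items())
    current = {"db/customers.sql": b"v1", "config.ini": b"port=2222", "db/extra.bin": b"?"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in current.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

An empty report means the backup matches the baseline; any entry is a reason to hold off restoring from that copy until it has been explained.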
Once a breach or an attack happens, the organisation should resolve the issue as early as possible. The incident must be reported to the respective departments as per the severity of the incident.