A lot of content has been written about what businesses and individuals should do when targeted by a malicious cyber attack. However, less has been published about what you shouldn’t do in such an event. There have been several high profile cases where large organisations have reacted incorrectly to an attack. This has more often than not resulted in the consequences being much more severe than they would have been had they reacted in the correct manner from the beginning. Furthermore, the majority of mistakes that are made are avoidable, and come after a decision making process, as opposed to being borne out of necessity.
Keep the breach quiet
When organisations suffer a data breach, those individuals affected deserve to know. It provides them with the opportunity to attempt to keep as much data secure as possible, or at least mitigate any damage. Without being informed, the chances of significant amounts of data being stolen increase substantially.
A major cyber attack has taken place once again this week, with Ticketmaster the latest victim. It has been claimed that they were informed of suspicious activity back in April, but failed to act upon it. Now close to 40,000 customers are alleged to have been directly affected. Much, or at least some, of the damage could have been avoided had the breach been detected and announced earlier.
Attempt to improvise a response
Even though cyber attacks are receiving much more coverage these days, there is still a surprising number of organisations who are not fully prepared for the possibility. Those who have not considered their response to a potential breach will be in a dangerous position if and when it arrives. In such circumstances, businesses may be forced to improvise an effective response, without the necessary skills and knowledge. Never a good idea. Especially when stakeholder information is at risk. Procedures should be in place well in advance of an attack transpiring, with specialised individuals already brought in.
Fail to investigate the cause
Once a breach has occurred, businesses are understandably most concerned with ensuring as little damage is caused as possible. Even though that is crucial of course, attentions must eventually turn to how the attack happened, and where it came from. The problem cannot be forgotten about after the event, even if you managed to avoid serious damages. A thorough investigation should take place as soon as the breach has been detected, to discover which systems have been compromised, and how. Once that has been established, work can begin on ensuring that such a situation is made much more difficult to repeat in future.