The world is grappling with an increased number of cyber attacks and not everyone is prepared for it
The world is grappling with an increased number of cyberattacks and not everyone is prepared for it. The Latitude and MOVEit cyberattacks are among several cybersecurity incidents that have impacted organisations in Asia Pacific. With another Cybersecurity Awareness Month upon us, it is a reminder that organisations must stay ahead of these ever-evolving threats.
According to a Veeam and Think Teal report, 74% of Indian CIOs identify cyberattacks as the primary cause of business disruption, with 70% attributing increased ransomware attacks to IT and Backup team misalignment. We recognise the challenges CIOs face and suggest four crucial steps for an effective post-cyberattack response.
Observe
During a ransomware attack, our initial instinct from a security perspective is to eliminate the threat and resolve the issue. However, this isn’t the best approach.
Instead, a CIO should prioritise isolating bad actors within the environment. Sequestering them without removal allows for observation and understanding of the bad actor’s actions while preventing further harm to the business. Immediately removing the threat is tempting, but it hampers the ability to analyse the threat actor’s behaviour, denying insights into their intent, target and strategy. Understanding the extent of compromise both from a systems and data perspective is vital.
Correct
After gathering crucial attacker data, businesses can take corrective action by removing threats, patching attack vectors, recovering systems and data, and swiftly restoring employee access to minimise disruptions. CIOs must prevent re-attacks through the original point of breach or any other potential vulnerability and should have a robust recovery plan.
Prevent
As the next step, CIOs must initiate preventative measures to avoid future attacks by assessing security measures and identifying immediate gaps or vulnerabilities in their attack surface.
Knowing the attacker’s point of entry can help patch the vulnerability and protect against another threat. When reviewing an attacker’s criminal profile, a CIO should focus on: the target, the attacker’s identity, the actions they took, and the impact they caused. These factors are crucial to determining strategies to minimise future risks and identifying behavioural patterns.
Cyberattacks are often seen as technical issues, but human error, especially through social engineering like phishing scams, is a significant risk. Ongoing employee training, including phishing simulations, is crucial.
Notify
Transparency is key to retaining trust and loyalty while keeping the stakeholders informed about emerging threats. Purposeful notification is essential. Sharing information without a strategy risks the company’s reputation and leaves the business vulnerable to future attacks. CIOs must always reach out to key stakeholders including the board, legal team and business stakeholders. It can take days to weeks to address an attack sequentially and thoughtfully. By then, you can reassure customers of the company’s commitment to protecting their data and share actionable steps to prevent more attacks.
What Comes Next?
While ransomware attackers don’t usually target the same gap twice, they can, and likely will, strike again. Working backward to secure already-breached zones is a flawed approach. Instead, CIOs should focus on identifying and addressing potential vulnerabilities to secure the future of the company. Cyber strategy must include employee education, cross-team communication and a robust business continuity plan. Further, regularly maintaining the security of users, networks and data can reduce the chances of getting hacked.
(The writer is MD and VP India & SAARC, Veeam Software and Nate Kurtz, CIO, Veeam Software; views are personal)