What typically happens during a cyberattack?
Cyberattacks can be broken down into different phases:
- At the beginning of an attack, the victim will be spied on (this is known as the “reconnaissance” phase). The hacker may do their reconnaissance by researching publicly available information or using social engineering.
- In the second phase, the intruders will examine their victims’ systems to identify weaknesses or obtain access information, using phishing, for example.
- In the next phase, known as the “settlement” phase, the hacker will infiltrate the victim’s systems. This is a gradual process which happens over several stages.
- It will then immediately be followed by the “exploitation” phase. This might see the victim’s data become encrypted, which can pose a significant threat to a company’s ability to operate. The hacker may demand a ransom by threatening to disclose data and damage the company’s reputation.
Companies can be hit with a cyberattack at any time. What can they do to protect themselves?
A key topic in the field of IT security is “cyber hygiene”, a vital element in protecting companies from cyberattacks. This includes the following areas and measures:
- Updates: Systems must always be kept up to date, as this is the only way to ensure critical security gaps can be closed quickly.
- Awareness: IT security is all about teamwork, and training all employees in the secure use of IT systems is essential. Employees need to understand the goals of cybercriminals and the methods they use. It is particularly important that employees are able to recognise phishing emails quickly – something we should all be used to these days. All suspicions should be reported to the company’s internal IT department so that appropriate protective measures can be taken.
- Service providers: Companies are outsourcing more and more of their IT infrastructure to third-party providers. When doing so, it is important to ensure that the applicable security standards are being met. After all, a security system is only as strong as its weakest link.
- Secure passwords: Passwords are the gateway to a company’s network. The only way to protect a company’s IT systems is to ensure all employees use secure passwords – and two-factor authentication wherever possible.
- Backups: Regular data backups ensure that company data can be restored in an emergency. It is important to store these data backups separately from the company network to avoid them getting infected as well in the event of a cyberattack. The backups should also be tested regularly to ensure the data can indeed be restored as and when needed.
For those companies that have not outsourced their IT systems, it is also essential to operate an early detection and warning system. This is the only way to ensure effective countermeasures can be initiated immediately should the company be targeted in a cyberattack. This might involve disconnecting the compromised part of the network from the overall company network. Disconnecting a particular part of the network immediately is one way to prevent hackers from accessing the company’s other systems.
Small and medium-sized enterprises (SMEs) do not usually have their own IT security department or the corresponding infrastructure. What can SMEs do to protect themselves, and how should they proceed when faced with a cyberattack?
Every company, regardless of its size, should take cybersecurity seriously and adopt an active approach to managing the threats posed by cybercrime. So if every company should be prepared for possible attack scenarios, what should I do when faced with something like your ransomware attack or a DDoS attack? Which scenarios are critical for a company? If you only think about your course of action after or during an attack, it is usually too late. Some risks pose more of a threat to a company’s operations than others, and risk analysis is vital to enable companies to recognise, minimise and manage these risks.
Another aspect is the topic of supply chains. A growing number of cybercriminals are accessing companies’ systems via partners or software providers, and interfaces like these are currently proving quite the Achilles’ heel for many companies. It is important for companies to do more than just define their own set of security parameters; partners and service providers also need to be included as part of an overarching security concept. Companies which specialise in providing assistance services in the field of cybersecurity can be a great help in this regard. As in all areas of security: “Decent security is expensive, weak security is even more expensive.”
If an SME discovers it has been attacked, it should contact its IT service provider or a specialist without delay so it can work with its chosen partner and take steps immediately.