What’s the best way to respond to a cyberattack?
How to survive a cyberattack
Recent cyberattacks have caught the world’s attention and cast the spotlight on the security vulnerabilities of unprepared organizations. Businesses have it hard with a constantly changing range of threats lurking in the shadows. While it’s clear that monitoring systems and intervention tools are essential for keeping threats at bay, it’s hard to know which products and suppliers are best. To complicate matters, a lot of firms lack the in-house security expertise needed to operationalize these safeguards.
Given these complexities, how do you prevent cyberattacks and reduce your business’ vulnerabilities? And if a breach occurs, how can you contain the threat and minimize its impact on your systems?
Is your business at risk?
In September 2017, Equifax, the credit monitoring agency, announced that it had been hacked, resulting in one of the largest data breaches in history. More than 148 million customers, primarily from the U.S., had their personal information stolen, including their names, social security numbers, birth dates, addresses, driver’s licence numbers and credit card numbers.
How did this happen? Equifax’s internal teams detected a vulnerability in March 2017, nearly six months before the unprecedented attack. The company failed to address the problem in time, leaving the door to its databases wide open for hackers.
Equifax simply didn’t have the right security infrastructure in place. They didn’t have any system visualization capabilities or an organized action plan. Not surprisingly, their communications to affected customers were poor because they were hastily prepared after the breach was uncovered.
Equifax could have prevented this disaster by following basic security principles, such as:
- Apply patches immediately
- Follow appropriate incident-response procedures
- Develop a disaster recovery plan
What’s the best way to respond to a security breach?
Has Equifax’s fail got you wondering about your IT security? Here’s what to do if you detect a security breach:
Take action as soon as a critical vulnerability is detected. Corrective actions need to be implemented quickly to reduce the attack surface. The malware or ransomware needs to be stopped before it reactivates.
If the problem isn’t addressed in time, creating a roadblock is your second line of defence. Your security team needs to ensure that all signatures are up to date for your antivirus and blocking technologies.
Once you’ve stopped the attack, you’ve got to increase your detection capabilities. Use a high-performance monitoring platform to correlate and analyze suspicious data so that you can identify threats before they strike.
Bring in the various teams impacted by the attack and work together to create or improve your disaster recovery plan. That way you’ll be better prepared for future incidents.
Technology can help you align with best practices. As a leader in enterprise security, IBM can help you implement the right security solutions, tools and processes to make sure your business meets the highest industry standards.
IBM has successfully kept WannaCry at bay
More than 100,000 businesses in 150 countries were infected with WannaCry ransomware, which exploited a security vulnerability on Windows XP and older versions of Windows 10. The cyberattack triggered widespread panic as companies contended with frozen systems, lost files and substantial amounts of stolen money. What was WannaCry’s strategy? It infiltrated endpoints (computers, tablets, smartphones, etc.), encrypted their files and demanded a ransom paid in bitcoin.
Microsoft had already provided patches after hacking tools targeting its operating systems were stolen, but consumers and businesses underestimated the threat and put off the updates.
IBM customers weren’t affected by WannaCry. Within hours, they were able to trace and correct all affected systems, obtaining a 98% success rate on the first attempt. Off-site endpoints were patched remotely, regardless of network speed.
This intervention was possible thanks to IBM Security’s comprehensive solutions for keeping your IT systems protected. From endpoint management to threat detection and incident response, IBM offers advanced solutions that exploit the potential of automation, analytics and artificial intelligence.
Ask your NOVIPRO advisor about IBM solutions.