Cyber attack on your company! How you should react


Small and medium-sized enterprises (SMEs) are increasingly becoming the target of cyber attacks. Customer data and other sensitive data is often stolen, altered, deleted or encrypted. This is how companies should react to a cyber attack.

First steps after a cyber attack

In the event of a cyber attack, the Federal Office for Information Security (BSI) recommends the following procedure:

  1. Disconnect your devices or company IT from the Internet.

    For individual devices, this may mean pulling the mains plug or deactivating WLAN services.

    In the case of corporate IT, this can be done via the company's network components or firewall.

    This prevents the attacker from continuing to control the attack, for example a ransomware infection, and stops possible data exfiltration.

  2. Do not switch off the computers and devices affected by the attack and do not modify them. This can hinder the work of IT forensic experts or investigators who are called in later.

Do not respond to ransom demands from cyber criminals

"If a ransom is demanded, never agree to it," warns the BSI. This is because there is no guarantee that the affected company will actually receive a decryption key after paying the ransom. 

It is more important to first find out how the attackers gained access to the system. This access must be closed, otherwise the cyber attack may be repeated. 

Once the entry point has been found and closed, the backups of the company data can be restored, and business operations can then be resumed. This assumes, of course, that data backups are carried out regularly.

One risk remains: if sensitive customer data has been stolen, it can end up on the darknet or be passed on to other criminals.

Reading tip: Operation Endgame - the biggest blow against cybercrime

After a cyber attack: create a logbook of the security incident

The BSI also recommends creating a logbook. All actions and events in connection with the security incident should be documented there. Each entry in the document should contain at least the following information:

  • Time and date of the event
  • Name of the person who carried out the action or was informed of the event
  • Description of the action or event
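
One way to keep such a logbook, as an added example that is not part of the original article or of the BSI guidance: each entry carries the three minimum fields listed above and, going beyond what the text requires, is chained to the previous entry with a SHA-256 hash so that later changes or deletions become visible. The function names and the sample entries are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

REQUIRED = ("timestamp", "person", "description")  # the three minimum fields
GENESIS = "0" * 64  # prev_hash of the very first entry (assumed convention)

def _digest(entry):
    """Hash every field except the entry's own hash, in a stable key order."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode("utf-8")).hexdigest()

def add_entry(log, person, description, timestamp=""):
    """Append one entry; refuse entries without a person or a description."""
    if not person.strip() or not description.strip():
        raise ValueError("person and description are required")
    entry = {
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "person": person.strip(),
        "description": description.strip(),
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify(log):
    """Return -1 if the logbook is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if any(not entry.get(field) for field in REQUIRED):
            return i  # a mandatory field is missing or empty
        if entry.get("prev_hash") != prev or entry.get("hash") != _digest(entry):
            return i  # entry was edited, or an earlier entry was removed
        prev = entry["hash"]
    return -1

def build_sample_log():
    """Constructed sample incident, not taken from the article."""
    log = []
    add_entry(log, "A. Admin", "Disconnected office network from the Internet at the firewall", "2024-01-15T08:42:00+00:00")
    add_entry(log, "B. Manager", "Informed of ransom note on file server; device left powered on", "2024-01-15T08:55:00+00:00")
    add_entry(log, "A. Admin", "Reported the incident to the police", "2024-01-15T09:30:00+00:00")
    return log

if __name__ == "__main__":
    logbook = build_sample_log()
    print(json.dumps(logbook, indent=2))
    print("first bad entry:", verify(logbook))
```

The chain only shows changes made to part of the log; noting the latest hash somewhere outside the affected systems, for example on paper, makes a rewrite of the whole file detectable as well.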

Link tip: BSI assistance in the event of an IT security incident

Legal aspects of a cyber attack

Important for companies that process personal data and are subject to the General Data Protection Regulation: They must inform the responsible data protection officer and their customers in the event of a security incident.

Ideally, there is already a concept for internal and external communication that takes effect in the event of a security incident.

In addition, it is essential to report a cyber attack to the police. Good contacts for this are the "Central Cybercrime Contact Points (ZAC)" of the relevant police authorities.
