OMG, we’ve been attacked! Don't panic, here's what to do
Sooner or later, it was bound to happen.
Maybe somebody forgot to run a security update on a less-used ERP component. Or maybe someone had been sloppy with their password. But the fact remains: your company’s security has been breached and you need to do something about it – fast.
First of all, a clear understanding of responsibilities is important:
- Who should be alerted about the situation first?
- Who is assigned to contain and fix the problem?
- Who makes the decisions?
- Whose daily work does the crisis affect and how should they be informed?
- Who handles the possible media inquiries and communications?
When everyone knows their tasks, no time is lost in meddling. And in a situation like this, time is of the essence. You have to act quickly so that you can contain the damage and prevent it from spreading further.
If you feel uncertain about how well you are equipped to handle a security crisis, you are not alone: a recent study by security company RSA showed that only 24% of organisations are satisfied with their capabilities to detect security problems – and just 11% believe that they are able to investigate the threats swiftly.
Just enforce your processes, they are healthy for you
Even though you must be fast, you shouldn’t lose your cool. Instead of just working fervently to fix the situation, you need to understand how the breach affects your organisation as a whole. You have to have a full picture of what has actually happened: Who are the attackers? What are they after? Have they been successful?
Good processes make life a lot easier, especially in crisis situations.
Enforcing good security policies and security culture across the entire organisation is no small task. Every single employee from messenger to CEO must understand how he or she is responsible for the overall security of the company.
And just as you need to have fire drills every now and then, you should also practice what to do when security is breached.
Know your assets
Don’t forget that the security vulnerability may have been there for some time without being noticed. How can you be sure that it hasn’t already been used against you before? You need to be able to do backward analysis and understand what parts of your system are well protected and what parts may have lacked adequate protection.
If you have full visibility into all your assets (you should!), you can investigate the effects of the attack across the whole infrastructure and put it in context. This ensures that you understand how the attack affects your company’s business and what the next steps should be.
Security is a complex beast. Visibility is what tames it.